Apple Security Advisory

macOS Ventura 13.1 Security Content iOS 16.2 and iPadOS 16.2 Security Content iOS 15.7.2 and iPadOS 15.7.2 Security Content watchOS 9.2 Security Content tvOS 16.2 Security Content macOS Big Sur 11.7.2 Security Content macOS Monterey 12.6.2 Security Content Safari 16.2 Security Content iCloud for Windows 14.1 Security Content

National Cyber Awareness System

Samba Releases Security Updates FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food CISA Releases Forty-One Industrial Control Systems Advisories Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths CISA Consolidates Twitter Accounts CISA Adds One Known Exploited Vulnerability to Catalog Apple Releases Security Updates for Multiple Products Microsoft Releases December 2022 Security Updates CISA Updates Advisory on #StopRansomware: Cuba Ransomware Citrix Releases Security Updates for Citrix ADC, Citrix Gateway Mozilla Releases Security Updates for Thunderbird and Firefox VMware Releases Security Updates for Multiple products CISA Adds Five Known Exploited Vulnerabilities to Catalog NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing CISA Releases Three Industrial Control Systems Advisories Fortinet Releases Security Updates for FortiOS

Mozilla Security Advisories

Security Vulnerabilities fixed in Firefox 108 mfsa2022-51 Security Vulnerabilities fixed in Firefox ESR 102.6 mfsa2022-52 Security Vulnerabilities fixed in Thunderbird 102.6 mfsa2022-53

Ubuntu Security Notices

USN-5783-1: Linux kernel (OEM) vulnerability USN-5782-1: Firefox vulnerabilities USN-5781-1: Emacs vulnerability USN-5780-1: Linux kernel (OEM) vulnerabilities USN-5779-1: Linux kernel (Azure) vulnerabilities USN-5778-1: X.Org X Server vulnerabilities USN-5777-1: Pillow vulnerabilities USN-5776-1: containerd vulnerabilities USN-5775-1: Vim vulnerabilities USN-5774-1: Linux kernel (Azure) vulnerabilities USN-5756-3: Linux kernel (Azure) vulnerabilities USN-5773-1: Linux kernel (OEM) vulnerabilities USN-5754-2: Linux kernel (Azure) vulnerabilities USN-5772-1: QEMU vulnerabilities USN-5771-1: Squid regression

Red Hat Security Advisory

(RHSA-2022:8893) Moderate: OpenShift Container Platform 4.11.20 security update (RHSA-2022:9082) Important: kpatch-patch security update (RHSA-2022:9080) Important: thunderbird security update (RHSA-2022:9079) Important: thunderbird security update (RHSA-2022:9078) Important: thunderbird security update (RHSA-2022:9077) Important: thunderbird security update (RHSA-2022:9076) Important: thunderbird security update (RHSA-2022:9075) Important: thunderbird security update (RHSA-2022:9073) Moderate: nodejs:16 security, bug fix, and enhancement update (RHSA-2022:9072) Important: firefox security update (RHSA-2022:9071) Important: firefox security update (RHSA-2022:9070) Important: firefox security update (RHSA-2022:9069) Important: firefox security update (RHSA-2022:9068) Important: firefox security update (RHSA-2022:9067) Important: firefox security update (RHSA-2022:9066) Important: firefox security update (RHSA-2022:9065) Important: firefox security update (RHSA-2022:9058) Important: prometheus-jmx-exporter security update (RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update (RHSA-2022:9047) Moderate: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update (RHSA-2022:9040) Important: Red Hat Advanced Cluster Management 2.6.3 security update (RHSA-2022:9029) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-3] (RHSA-2022:8761) Moderate: Red Hat support for Spring Boot 2.7.2 update (RHSA-2022:9023) Important: Red Hat build of Quarkus 2.13.5 release and security update (RHSA-2022:8989) Important: kpatch-patch security update (RHSA-2022:8980) Important: thunderbird security update (RHSA-2022:8977) Moderate: dbus security update (RHSA-2022:8978) Moderate: grub2 security and bug fix update (RHSA-2022:8979) Important: firefox security update (RHSA-2022:8974) Important: kernel-rt security and bug fix update (RHSA-2022:8976) Moderate: 389-ds-base security update (RHSA-2022:8971) Moderate: usbguard security update (RHSA-2022:8973) Important: kernel security and bug fix update (RHSA-2022:8965) Important: Red Hat Single Sign-On 7.6.1 security update (RHSA-2022:8964) Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images (RHSA-2022:8963) Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 9 (RHSA-2022:8962) Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 8 (RHSA-2022:8961) Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 7 (RHSA-2022:8959) Important: rh-maven36-bcel security update (RHSA-2022:8958) Important: bcel security update (RHSA-2022:8957) Important: Red Hat build of Quarkus Platform 2.7.6.SP3 and security update (RHSA-2022:8941) Important: kernel-rt security and bug fix update (RHSA-2022:8940) Important: kernel security and bug fix update (RHSA-2022:8938) Low: Release of OpenShift Serverless 1.26.0 (RHSA-2022:8932) Low: Release of OpenShift Serverless Client kn 1.26.0 (RHSA-2022:8913) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update (RHSA-2022:8917) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update (RHSA-2022:8915) Important: Red Hat Certificate System 9.7 security update

Node.js Security Advisories

OpenSSL 3.0.7 update assessment

Cisco Security Advisory

Cisco IOS Software for Cisco Integrated Services Routers Generation 2 Denial of Service Vulnerability Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial of Service Vulnerability Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability Cisco IOS Software Network Address Translation Denial of Service Vulnerability Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability Cisco IOS Software Login Enhancements Login Block Denial of Service Vulnerabilities Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability Cisco Secure Access Control System Java Deserialization Vulnerability

Microsoft Security

Microsoft December 2022 Security Update Guide Chromium: CVE-2022-4440 Use after free in Profiles Chromium: CVE-2022-4439 Use after free in Aura Chromium: CVE-2022-4438 Use after free in Blink Frames Chromium: CVE-2022-4437 Use after free in Mojo IPC Chromium: CVE-2022-4436 Use after free in Blink Media Microsoft Office Graphics Remote Code Execution Vulnerability Microsoft Office Graphics Remote Code Execution Vulnerability Microsoft Office Graphics Remote Code Execution Vulnerability Microsoft Outlook for Mac Spoofing Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Azure Network Watcher Agent Security Feature Bypass Vulnerability Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability Raw Image Extension Remote Code Execution Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Windows Error Reporting Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Windows Fax Compose Form Elevation of Privilege Vulnerability PowerShell Remote Code Execution Vulnerability Windows Graphics Component Information Disclosure Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability .NET Framework Remote Code Execution Vulnerability Microsoft Office Graphics Remote Code Execution Vulnerability Microsoft Office Graphics Remote Code Execution Vulnerability Microsoft Office Graphics Remote Code Execution Vulnerability Outlook for Android Elevation of Privilege Vulnerability Windows Kernel Denial of Service Vulnerability Microsoft Windows Sysmon Elevation of Privilege Vulnerability Windows Terminal Remote Code Execution Vulnerability Windows SmartScreen Security Feature Bypass Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Office Visio Remote Code Execution Vulnerability Microsoft Office Visio Remote Code Execution Vulnerability Microsoft Office Visio Remote Code Execution Vulnerability Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office Graphics Remote Code Execution Vulnerability Microsoft Office OneNote Remote Code Execution Vulnerability Microsoft SharePoint Server Remote Code Execution Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Information Disclosure Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability Windows Projected File System Elevation of Privilege Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Windows Bluetooth Driver Elevation of Privilege Vulnerability Windows Bluetooth Driver Information Disclosure Vulnerability Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability Windows Media Remote Code Execution Vulnerability Windows Media Remote Code Execution Vulnerability Windows Contacts Remote Code Execution Vulnerability Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

Google Security Advisories

Chrome Releases: Stable Channel Update for Desktop Android Security Bulletin—December 2022 | Android Open Source Project

Jenkins Security Advisories

Jenkins Security Advisory 2022-12-07

Amazon AWS Security Advisories

Reported ECR Public Gallery Issue

Github Security Advisories

[GHSA-2c7v-qcjp-4mg2] .NET Remote Code Execution Vulnerability [GHSA-67fx-wx78-jx33] Helm vulnerable to denial of service through schema file [GHSA-53c4-hhmh-vw5q] Helm vulnerable to denial of service through through repository index file [GHSA-6rx9-889q-vv2r] Helm vulnerable to denial of service through string value parsing [GHSA-xqqc-c5gw-c5r5] Tendermint light client verification not taking into account chain ID [GHSA-g8q8-fggx-9r3q] Keycloak vulnerable to path traversal via double URL encoding [GHSA-97g8-xfvw-q4hg] Keycloak vulnerable to session takeover with OIDC offline refreshtokens [GHSA-rrfc-7g8p-99q8] Possible XSS vulnerability with certain configurations of rails-html-sanitizer [GHSA-9h9g-93gc-623h] Possible XSS vulnerability with certain configurations of rails-html-sanitizer [GHSA-mcvf-2q2m-x72m] Improper neutralization of data URIs may allow XSS in rails-html-sanitizer [GHSA-5x79-w82f-gw8w] Inefficient Regular Expression Complexity in rails-html-sanitizer [GHSA-3x8r-x6xp-q4vm] Uncontrolled Recursion in Loofah [GHSA-228g-948r-83gx] Improper neutralization of data URIs may allow XSS in Loofah [GHSA-486f-hjj9-9vhh] Inefficient Regular Expression Complexity in Loofah [GHSA-ppjq-qxhx-m25f] Authentication Bypass for WSFed [GHSA-8w3p-qh3x-6gjr] TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration [GHSA-c5wx-6c2c-f7rm] TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework [GHSA-mgj2-q8wp-29rr] TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset [GHSA-jfp7-79g7-89rf] TYPO3 CMS vulnerable to Weak Authentication in Frontend Login [GHSA-8c28-5mp7-v24h] TYPO3 CMS vulnerable to Denial of Service in Page Error Handling [GHSA-hvwx-qh2h-xcfj] TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting [GHSA-52h2-m2cf-9jh6] linux-loader reading beyond EOF could lead to infinite loop [GHSA-9v25-r5q2-2p6w] Candy Machine Set Collection During Mint Missing Check [GHSA-8r76-fr72-j32w] Creator Verification Error when Bubblegum Activate [GHSA-6jqm-3c9g-pch7] @cubejs-backend/api-gateway row level security bypass [GHSA-jv85-mqxj-3f9j] Sentry vulnerable to invite code reuse via cookie manipulation [GHSA-hh82-3pmq-7frp] Netty vulnerable to HTTP Response splitting from assigning header value iterator [GHSA-fx2c-96vj-985v] HAProxyMessageDecoder Stack Exhaustion DoS [GHSA-mjmj-j48q-9wg2] SnakeYaml Constructor Deserialization Remote Code Execution [GHSA-j8x2-2m5w-j939] Amazon CloudWatch Agent for Windows has Privilege Escalation Vector

CISA Known Exploted Vulnerabilities

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability CVE-2022-42475 Microsoft Defender SmartScreen Security Feature Bypass Vulnerability CVE-2022-44698 Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability CVE-2022-27518 Veeam Backup & Replication Remote Code Execution Vulnerability CVE-2022-26500 Veeam Backup & Replication Remote Code Execution Vulnerability CVE-2022-26501 Apple iOS Type Confusion Vulnerability CVE-2022-42856

The known exploited vulnerabilities list contains vulnerabilities that are known to be activly exploited. They may not be new or recently discovered. Vulnerabilities listed here were added to this list in the past week.