2022-6 - Apple, Adobe, Mozilla, Canonical, Red Hat, Microsoft, Jenkins, GitHub
Published on February 14, 2022
Advisory Week
Week 6, 2022
Apple Security Advisory
iOS 15.3.1 and iPadOS 15.3.1 Security Content
macOS Monterey 12.2.1 Security Content
Safari 15.3 Security Content
Adobe Security Bulletins and Advisories
Security updates available for Adobe Photoshop | APSB21-28 APSB22-08
Security Updates Available for Adobe Illustrator | APSB21-12 APSB22-07
Security update available for Adobe Creative Cloud Desktop Application | APSB21-18 APSB22-11
Mozilla Security Advisories
Security Vulnerabilities fixed in Thunderbird 91.6 mfsa2022-06
Security Vulnerabilities fixed in Firefox 97 mfsa2022-04
Security Vulnerabilities fixed in Firefox ESR 91.6 mfsa2022-05
Ubuntu Security Notices
USN-5280-1: Speex vulnerability
USN-5279-1: util-linux vulnerabilities
USN-5278-1: Linux kernel (OEM) vulnerabilities
USN-5267-2: Linux kernel regression
USN-5276-1: NVIDIA graphics drivers vulnerabilities
USN-4754-5: Python vulnerability
USN-5275-1: BlueZ vulnerability
USN-5269-2: Django vulnerabilities
Red Hat Security Advisory
(RHSA-2022:0507) Important: Red Hat JBoss Data Virtualization 6.4.8.SP2 security update
(RHSA-2022:0339) Important: OpenShift Container Platform 4.9.19 security update
(RHSA-2022:0501) Moderate: Red Hat Integration - Service Registry release and security update [2.0.3.GA]
(RHSA-2022:0500) Important: .NET 6.0 on RHEL 7 security and bugfix update
(RHSA-2022:0499) Important: .NET 5.0 on RHEL 7 security and bugfix update
(RHSA-2022:0497) Important: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update
(RHSA-2022:0495) Important: .NET 5.0 security and bugfix update
(RHSA-2022:0496) Important: .NET 6.0 security and bugfix update
(RHSA-2022:0477) Important: Red Hat OpenShift GitOps security update
(RHSA-2022:0476) Important: Red Hat OpenShift GitOps security update
(RHSA-2022:0482) Important: Red Hat Ansible Ansible Tower 3.8 security update
(RHSA-2022:0475) Low: RHV Manager (ovirt-engine) security update [ovirt-4.4.10-1]
(RHSA-2022:0474) Important: Red Hat Ansible Automation Platform 2.0 ansible-runner security update
(RHSA-2022:0473) Important: aide security update
(RHSA-2022:0472) Important: aide security update
(RHSA-2022:0469) Important: Red Hat AMQ Streams 2.0.1 release and security update
(RHSA-2022:0467) Important: Red Hat AMQ Streams 1.6.7 release and security update
(RHSA-2022:0464) Important: aide security update
(RHSA-2022:0460) Important: Red Hat Ansible Automation Platform 2.1 ansible-runner security update
(RHSA-2022:0457) Critical: samba security update
(RHSA-2022:0458) Critical: samba security update
(RHSA-2022:0456) Important: aide security update
(RHSA-2022:0447) Important: Red Hat Single Sign-On 7.5.1 security update on RHEL 7
(RHSA-2022:0448) Important: Red Hat Single Sign-On 7.5.1 security update on RHEL 8
(RHSA-2022:0450) Moderate: Red Hat Single Sign-On 7.5.1 for OpenShift image security and enhancement update
(RHSA-2022:0449) Moderate: Red Hat Single Sign-On 7.5.1 security update
(RHSA-2022:0446) Moderate: Red Hat Single Sign-On 7.4.10 security update
(RHSA-2022:0445) Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update
(RHSA-2022:0444) Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update
(RHSA-2022:0443) Important: RHV-H security update (redhat-virtualization-host) 4.3.21
(RHSA-2022:0442) Important: log4j security update
(RHSA-2022:0440) Important: aide security update
(RHSA-2022:0441) Important: aide security update
Microsoft Security
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Outlook for Mac Security Feature Bypass Vulnerability
Azure Data Explorer Spoofing Vulnerability
Microsoft OneDrive for Android Security Feature Bypass Vulnerability
Microsoft Office Information Disclosure Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office ClickToRun Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
Windows User Account Profile Picture Denial of Service Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Common Log File System Driver Information Disclosure Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
Windows Mobile Device Management Remote Code Execution Vulnerability
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
.NET Denial of Service Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Excel Information Disclosure Vulnerability
Named Pipe File System Elevation of Privilege Vulnerability
Microsoft SharePoint Server Security Feature Bypass Vulnerability
SQL Server for Linux Containers Elevation of Privilege Vulnerability
Microsoft Dynamics GP Remote Code Execution Vulnerability
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
Microsoft Dynamics GP Spoofing Vulnerability
Microsoft Power BI Elevation of Privilege Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Windows Common Log File System Driver Denial of Service Vulnerability
VP9 Video Extensions Remote Code Execution Vulnerability
Microsoft Teams Denial of Service Vulnerability
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
Roaming Security Rights Management Services Remote Code Execution Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Runtime Remote Code Execution Vulnerability
Jenkins Security Advisories
Jenkins Security Advisory 2022-02-09
GitHub Security Advisories
[GHSA-47wr-426j-fr82] Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
[GHSA-38r5-34mr-mvm7] "catalog's registry v2 api exposed on unauthenticated path in Harbor"
[GHSA-w3wf-cfx3-6gcx] SAML authentication vulnerability due to stdlib XML parsing
[GHSA-xhqq-x44f-9fgg] Authentication Bypass in github.com/russellhaering/gosaml2
[GHSA-h2fg-54x9-5qhq] Nil dereference in NATS JWT, DoS of nats-server
[GHSA-4w5x-x539-ppf5] Incorrect handling of credential expiry by NATS Server
[GHSA-fqfh-778m-2v32] GitHub CLI can execute a git binary from the current directory
[GHSA-h2x7-2ff6-v32p] Incorrect routing of some HTTP requests when using httpauth
[GHSA-4g4p-42wc-9f3m] Git LFS can execute a Git binary from the current directory
[GHSA-hv53-vf5m-8q94] Validation bypass vulnerability
[GHSA-742w-89gc-8m9c] containerd v1.2.x can be coerced into leaking credentials during image pull
[GHSA-f5pg-7wfw-84q9] CBC padding oracle issue in AWS S3 Crypto SDK for golang
[GHSA-76wf-9vgp-pj7w] Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang
[GHSA-7f33-f4f5-xwgw] In-band key negotiation issue in AWS S3 Crypto SDK for golang
[GHSA-6qq8-5wq3-86rp] Open redirect in Traefik
[GHSA-5x29-3hr9-6wpw] TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm
[GHSA-q9x4-q76f-5h5j] Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)
[GHSA-33p6-fx42-7rf5] Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
[GHSA-rmj8-8hhh-gv5h] Information Exposure with Puma when used with Rails
[GHSA-wh98-p28r-vrc9] Possible exposure of information vulnerability in Action Pack
[GHSA-45w3-v3g4-54pm] Potential segfault in SPIFFE authenticator
[GHSA-qh73-qc3p-rjv2] Uncaught Exception in fastify-multipart
[GHSA-9jq9-c2cv-pcrj] Cross-site Scripting by SVG upload in xwiki-platform
[GHSA-vh5c-jqfg-mhrh] Cross-Site Request Forgery in xwiki-platform
[GHSA-v3mr-gp7j-pw5w] Possible SQL injection in tablelookupwizard Contao Extension
[GHSA-5mv2-rx3q-4w2v] Code injection in Twig
[GHSA-gjqc-q9g6-q2j3] `CHECK`-failures in binary ops in Tensorflow
[GHSA-4j82-5ccr-4r8v] `CHECK`-failures in `TensorByteSize` in Tensorflow
[GHSA-5f2r-qp73-37mr] `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
[GHSA-8r7c-3cm2-3h8f] Memory leak in Tensorflow
[GHSA-c94w-c95p-phf8] Integer overflow in Tensorflow
[GHSA-wm93-f238-7v37] Integer overflow in Tensorflow
[GHSA-8cxv-76p7-jxwr] Null-dereference in Tensorflow
[GHSA-87v6-crgm-2gfj] Division by zero in Tensorflow
[GHSA-gcvh-66ff-4mwm] `CHECK`-failures in Tensorflow
[GHSA-98j8-c9q4-r38g] Memory exhaustion in Tensorflow
[GHSA-c582-c96p-r5cq] Memory exhaustion in Tensorflow
[GHSA-m4hf-j54p-p353] Type confusion leading to segfault in Tensorflow
[GHSA-34f9-hjfq-rr8j] Overflow and uncaught divide by zero in Tensorflow
[GHSA-v3f7-j968-4h5f] Division by zero in Tensorflow
[GHSA-24x4-6qmh-88qg] Use after free in `DecodePng` kernel
[GHSA-5qw5-89mw-wcg2] Out of bounds write in Tensorflow
[GHSA-8rcj-c8pj-v3m3] Reachable Assertion in Tensorflow
[GHSA-wc4g-r73w-x8mm] Insecure temporary file in Tensorflow
[GHSA-qx3f-p745-w4hr] Integer overflow in Tensorflow
[GHSA-9c78-vcq7-7vxq] Out of bounds write in TFLite
[GHSA-4hvf-hxvg-f67v] Read and Write outside of bounds in TensorFlow
[GHSA-98p5-x8x4-c9m5] Integer overflow in TFLite
[GHSA-9gwq-6cwj-47h3] Integer overflow in TFLite array creation
[GHSA-4v5p-v5h9-6xjx] `CHECK`-failures in Tensorflow
[GHSA-gf2j-f278-xh4v] Division by zero in TFLite
[GHSA-428x-9xc2-m8mj] Division by zero in TFLite
[GHSA-44qp-9wwf-734r] Heap overflow in Tensorflow
[GHSA-3mw4-6rj6-74g5] Null pointer dereference in TensorFlow
[GHSA-x4qx-4fjv-hmw6] Integer overflow leading to crash in Tensorflow
[GHSA-f2vv-v9cg-qhh7] Assertion failure based denial of service in Tensorflow
[GHSA-pfjj-m3jj-9jc9] Undefined behavior in `SparseTensorSliceDataset`
[GHSA-rrx2-r989-2c43] Integer overflows in Tensorflow
[GHSA-6445-fm66-fvq2] Integer overflows in Tensorflow
[GHSA-qj5r-f9mv-rffh] `CHECK`-fails when building invalid tensor shapes in Tensorflow
[GHSA-h6gw-r52c-724r] NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
[GHSA-43q8-3fv7-pr5x] Improper Validation of Integrity Check Value in TensorFlow
[GHSA-wcv5-vrvr-3rx2] Integer Overflow or Wraparound in TensorFlow
[GHSA-9p77-mmrw-69c7] Null-dereference in Tensorflow
[GHSA-fpcp-9h7m-ffpx] Null pointer dereference in TensorFlow
[GHSA-9x52-887g-fhc2] Out of bounds read in Tensorflow
[GHSA-gwcx-jrx4-92w2] Segfault in `simplifyBroadcast` in Tensorflow
[GHSA-vq36-27g6-p492] Out of bounds read in Tensorflow
[GHSA-247x-2f9f-5wp7] Stack overflow in TensorFlow
[GHSA-pqrv-8r2f-7278] Crash due to erroneous `StatusOr` in TensorFlow
[GHSA-9px9-73fg-3fqp] Null pointer dereference in Grappler's `IsConstant`
[GHSA-j3mj-fhpq-qqjj] Reachable Assertion in Tensorflow
[GHSA-rww7-2gpw-fv6j] Crash when type cannot be specialized in Tensorflow
[GHSA-fx5c-h9f6-rv7c] `CHECK`-fails due to attempting to build a reference tensor
[GHSA-8jj7-5vxc-pg2q] Integer overflow in TensorFlow
[GHSA-43jf-985q-588j] Multiple `CHECK`-fails in `function.cc` in TensorFlow
[GHSA-q85f-69q7-55h2] Uninitialized variable access in Tensorflow
[GHSA-fq6p-6334-8gr4] Memory leak in decoding PNG images
[GHSA-gx6h-936c-vrrr] Cross site scripting in registration template in xwiki-platform
[GHSA-77gp-3h4r-6428] Out of bounds read and write in Tensorflow
[GHSA-227w-wv4j-67h4] Class Loading Vulnerability in Artemis
[GHSA-wpfr-6297-9v57] User object created with invalid provider data in GoTrue
[GHSA-5888-ffcr-r425] Prototype Pollution leading to Remote Code Execution in superjson
[GHSA-hcw3-j74m-qc58] Array literal misordering in github.com/open-policy-agent/opa
[GHSA-2jhm-qp48-hv5j] Missing authorization in xwiki-platform
[GHSA-7ph6-5cmq-xgjq] Path traversal in xwiki-platform-skin-skinx
[GHSA-35fg-hjcr-j65f] Information exposure in xwiki-platform
[GHSA-jp55-vvmf-63mv] URL Redirection to Untrusted Site ('Open Redirect')
[GHSA-gf7x-2j2x-7f73] Missing authorization in xwiki-platform
[GHSA-mgjw-2wrp-r535] Remote code execution in xwiki-platform
[GHSA-f4cj-3q3h-884r] Partial authorization bypass on document save in xwiki-platform
[GHSA-vjg4-v33c-ggc4] Out of bounds read in Tensorflow
[GHSA-6gmv-pjp9-p8w8] Out of bounds read in Tensorflow
[GHSA-c6fh-56w7-fvjw] Integer overflow in Tensorflow
[GHSA-23hm-7w47-xw72] Out of bounds read in Tensorflow
[GHSA-qq97-vm5h-rrhg] OCI Manifest Type Confusion Issue
[GHSA-g6w6-r76c-28j7] Incorrect Authorization in NATS nats-server
[GHSA-mmj4-777p-fpq9] Validation bypass in frourio-express
[GHSA-8xxm-h73r-ghfj] Validation bypass in frourio
[GHSA-92x2-jw7w-xvvx] Cookie and header exposure in twisted
[GHSA-627q-g293-49q7] Abort caused by allocating a vector that is too large in Tensorflow
[GHSA-fq86-3f29-px2c] `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow
[GHSA-ch68-7cf4-35vr] Limited ability to spoof SAML authentication with missing audience verification in Fleet
[GHSA-63qx-x74g-jcr7] Path traversal and dereference of symlinks in Argo CD