Advisory Week


Week 46, 2021
Ubuntu Security Notices
 
USN-5151-1: Mailman vulnerabilities
USN-5150-1: OpenEXR vulnerability
USN-5149-1: AccountsService vulnerability
USN-5148-1: hivex vulnerability
USN-5147-1: Vim vulnerabilities
Red Hat Security Advisory
 
(RHSA-2021:4743) Moderate: llvm-toolset:rhel8 security update
(RHSA-2021:4730) Moderate: devtoolset-11-binutils security update
(RHSA-2021:4729) Moderate: devtoolset-11-annobin security update
(RHSA-2021:4725) Moderate: OpenShift Virtualization 2.6.8 Images security and bug fix update
(RHSA-2021:4724) Moderate: devtoolset-10-annobin security update
(RHSA-2021:4723) Moderate: devtoolset-10-binutils security update
(RHSA-2021:4722) Moderate: OpenShift Virtualization 2.6.8 RPMs security and bug fix update
(RHSA-2021:4032) Low: Openshift Logging 5.2.3 bug fix and security update
(RHSA-2021:4628) Low: Openshift Logging 5.1.4 bug fix and security update
(RHSA-2021:4626) Moderate: RHV Manager (ovirt-engine) security update [ovirt-4.4.9]
(RHSA-2021:4703) Important: RHV Engine and Host Common Packages security update [ovirt-4.4.9]
(RHSA-2021:4702) Moderate: Satellite 6.10 Release
(RHSA-2021:4694) Moderate: rust-toolset-1.54-rust security update
(RHSA-2021:4692) Important: kernel security update
(RHSA-2021:4687) Important: kernel security update
(RHSA-2021:4686) Moderate: webkit2gtk3 security update
(RHSA-2021:4679) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.2 security update
(RHSA-2021:4676) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 7
(RHSA-2021:4677) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 8
(RHSA-2021:4627) Moderate: Openshift Logging 5.3.0 bug fix and security update
(RHSA-2021:4669) Moderate: devtoolset-11-gcc security update
(RHSA-2021:4647) Important: kernel security update
(RHSA-2021:4650) Important: kernel security, bug fix, and enhancement update
(RHSA-2021:4644) Important: kpatch-patch security update
(RHSA-2021:4645) Important: kpatch-patch security update
(RHSA-2021:4649) Moderate: gcc-toolset-10-binutils security update
(RHSA-2021:4648) Important: kernel-rt security and bug fix update
(RHSA-2021:4646) Important: kernel-rt security and bug fix update
Cisco Security Advisory
 
Cisco Common Services Platform Collector SQL Injection Vulnerability
Cisco Common Services Platform Collector Stored Cross-Site Scripting Vulnerability
Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability
GitHub Security Advisories
 
[GHSA-6c7m-qwxj-mvhp] Broken encryption in EdgeX Foundry
[GHSA-vf7h-6246-hm43] The disqualify lead action may be executed without CSRF token check
[GHSA-xx4c-jj58-r7x6] Inefficient Regular Expression Complexity in Validator.js
[GHSA-3pqh-p72c-fj85] Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
[GHSA-gpqc-4pp7-5954] Authentication Bypass by CSRF Weakness
[GHSA-8xfw-5q82-3652] Authentication Bypass by CSRF Weakness
[GHSA-6mqr-q86q-6gwr] Authentication Bypass by CSRF Weakness
[GHSA-26xx-m4q2-xhq8] Authentication Bypass by CSRF Weakness
[GHSA-5629-8855-gf4g] Authentication Bypass by CSRF Weakness
[GHSA-xm34-v85h-9pg2] Authentication Bypass by CSRF Weakness
[GHSA-mc8v-mgrf-8f4m] Clarify Content-Type handling
[GHSA-5j5w-g665-5m35] Ambiguous OCI manifest parsing
[GHSA-77vh-xpmg-72qh] Clarify `mediaType` handling
[GHSA-wwgq-9jhf-qgw6] Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
[GHSA-7h26-63m7-qhf2] HTML comments vulnerability allowing to execute JavaScript code
[GHSA-pvmx-g8h5-cprj] Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
[GHSA-r7cj-8hjg-x622] DBAL 3 SQL Injection Security Vulnerability
[GHSA-cq58-r77c-5jjw] Cross-site scripting (XSS) from image block content in the site frontend
[GHSA-x7j7-qp7j-hw3q] Cross-site scripting (XSS) from writer field content in the site frontend
[GHSA-wmpv-c2jp-j2xg] ERC1155Supply vulnerability in OpenZeppelin Contracts
[GHSA-p9m8-27x8-rg87] Critical vulnerability found in cron-utils
[GHSA-4999-659w-mq36] Authentication bypass issue in the Operator Console
[GHSA-844m-cpr9-jcmh] Secure/signed cookies share secrets between sites in a multi-site application
[GHSA-35rf-v2jv-gfg7] Privilege escalation to cluster admin on multi-tenant environments