Advisory Week


Week 2, 2022
Apple Security Advisory
 
iOS 15.2.1 and iPadOS 15.2.1 Security Content
Adobe Security Bulletins and Advisories
 
Security Updates Available for Adobe Illustrator | APSB21-12 APSB22-02
Security Update Available for Adobe InDesign | APSB20-66 APSB22-05
Security Update Available for Adobe InCopy | APSB21-05 APSB22-04
Security Updates Available for Adobe Bridge | APSB21-23 APSB22-03
Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-01
Mozilla Security Advisories
 
Security Vulnerabilities fixed in Firefox 96 mfsa2022-01
Security Vulnerabilities fixed in Firefox ESR 91.5 mfsa2022-02
Security Vulnerabilities fixed in Thunderbird 91.5 mfsa2022-03
Ubuntu Security Notices
 
USN-5229-1: Firefox vulnerabilities
USN-5224-2: Ghostscript vulnerabilities
USN-5227-1: Pillow vulnerabilities
USN-5226-1: systemd vulnerability
USN-5210-2: Linux kernel regression
USN-5223-1: Apache Log4j 1.2 vulnerability
USN-5225-1: lxml vulnerability
USN-5224-1: Ghostscript vulnerabilities
USN-5222-1: Apache Log4j 2 vulnerabilities
USN-5043-2: Exiv2 regression
USN-5219-1: Linux kernel vulnerability
USN-5218-1: Linux kernel (OEM) vulnerabilities
USN-5217-1: Linux kernel (OEM) vulnerabilities
USN-5212-2: Apache HTTP Server vulnerabilities
Red Hat Security Advisory
 
(RHSA-2022:0138) Moderate: Red Hat AMQ Streams 2.0.0 release and security update
(RHSA-2022:0133) Important: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.9] Async #2
(RHSA-2022:0127) Important: thunderbird security update
(RHSA-2022:0129) Important: thunderbird security update
(RHSA-2022:0128) Important: thunderbird security update
(RHSA-2022:0131) Important: thunderbird security update
(RHSA-2022:0132) Important: firefox security update
(RHSA-2022:0130) Important: firefox security update
(RHSA-2022:0126) Important: firefox security update
(RHSA-2022:0124) Important: firefox security update
(RHSA-2022:0125) Important: firefox security update
(RHSA-2022:0123) Important: thunderbird security update
(RHSA-2022:0026) Low: OpenShift Container Platform 4.6.53 security update
(RHSA-2022:0024) Moderate: OpenShift Container Platform 4.6.53 security update
(RHSA-2022:0108) Moderate: ansible-runner security and bug fix update
(RHSA-2022:0063) Moderate: kernel security and bug fix update
(RHSA-2022:0059) Moderate: webkitgtk4 security update
(RHSA-2022:0072) Moderate: kernel security update
(RHSA-2022:0082) Critical: Red Hat Process Automation Manager 7.11.1 security update
(RHSA-2022:0064) Moderate: openssl security update
(RHSA-2022:0065) Moderate: kernel-rt security and bug fix update
(RHSA-2022:0081) Low: virt:av and virt-devel:av security and bug fix update
(RHSA-2022:0076) Moderate: idm:DL1 security update
(RHSA-2022:0075) Moderate: webkit2gtk3 security update
(RHSA-2022:0074) Important: samba security update
(RHSA-2022:0073) Moderate: cpio security update
(RHSA-2022:0078) Moderate: kernel-rt security and bug fix update
(RHSA-2022:0047) Low: Red Hat OpenShift Enterprise Logging security and bug fix update (5.0.11)
(RHSA-2022:0044) Important: Red Hat OpenShift Enterprise Logging bug fix and security update (5.3.2)
(RHSA-2022:0043) Low: Red Hat OpenShift Enterprise Logging security and bug fix update (5.2.5)
(RHSA-2022:0042) Low: Red Hat OpenShift Enterprise Logging security and bug fix update (5.1.6)
Cisco Security Advisory
 
Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability
Cisco Security Manager Cross-Site Scripting Vulnerabilities
Cisco Enterprise Chat and Email Vulnerabilities
Cisco IP Phones Information Disclosure Vulnerability
Cisco Prime Infrastructure and Evolved Programmable Network Manager Vulnerabilities
Cisco Prime Access Registrar Appliance Cross-Site Scripting Vulnerability
Cisco Secure Network Analytics Cross-Site Scripting Vulnerability
Cisco Tetration Command Injection Vulnerability
Cisco Adaptive Security Device Manager Information Disclosure Vulnerability
Microsoft Security
 
Microsoft Exchange Server Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
DirectX Graphics Kernel Remote Code Execution Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
Windows IKE Extension Denial of Service Vulnerability
Windows IKE Extension Denial of Service Vulnerability
Microsoft Word Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows User Profile Service Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Windows IKE Extension Remote Code Execution Vulnerability
Windows IKE Extension Denial of Service Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Windows Defender Credential Guard Security Feature Bypass Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability
Workstation Service Remote Protocol Security Feature Bypass Vulnerability
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass
DirectX Graphics Kernel Remote Code Execution Vulnerability
.NET Framework Denial of Service Vulnerability
Microsoft Cluster Port Driver Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
HTTP Protocol Stack Remote Code Execution Vulnerability
Windows Defender Application Control Security Feature Bypass Vulnerability
Windows Hyper-V Security Feature Bypass Vulnerability
Windows GDI Information Disclosure Vulnerability
Windows GDI Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Windows Hyper-V Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Remote Desktop Protocol Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Modern Execution Server Remote Code Execution Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Windows IKE Extension Denial of Service Vulnerability
Windows IKE Extension Denial of Service Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Geolocation Service Remote Code Execution Vulnerability
Storage Spaces Controller Information Disclosure Vulnerability
Win32k Information Disclosure Vulnerability
Windows Storage Elevation of Privilege Vulnerability
Windows Security Center API Remote Code Execution Vulnerability
Tile Data Repository Elevation of Privilege Vulnerability
Windows Event Tracing Elevation of Privilege Vulnerability
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
Clipboard User Service Elevation of Privilege Vulnerability
Windows Devices Human Interface Elevation of Privilege Vulnerability
Windows Push Notifications Apps Elevation Of Privilege Vulnerability
Windows System Launcher Elevation of Privilege Vulnerability
Connected Devices Platform Service Elevation of Privilege Vulnerability
Windows UI Immersive Server API Elevation of Privilege Vulnerability
Windows StateRepository API Server file Elevation of Privilege Vulnerability
Windows Application Model Core API Elevation of Privilege Vulnerability
Task Flow Data Engine Elevation of Privilege Vulnerability
Windows AppContracts API Server Elevation of Privilege Vulnerability
Windows Accounts Control Elevation of Privilege Vulnerability
Windows Bind Filter Driver Elevation of Privilege Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
Windows Cleanup Manager Elevation of Privilege Vulnerability
Windows Certificate Spoofing Vulnerability
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
Virtual Machine IDE Drive Elevation of Privilege Vulnerability
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
Windows GDI+ Information Disclosure Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
DirectX Graphics Kernel File Denial of Service Vulnerability
Windows User Profile Service Elevation of Privilege Vulnerability
Libarchive Remote Code Execution Vulnerability
Open Source Curl Remote Code Execution Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Google Security Advisories
 
Android Automotive OS Update Bulletin—January 2022 | Android Open Source Project
Android Security Bulletin—January 2022 | Android Open Source Project
Amazon AWS Security Advisories
 
Reported AWS Glue Issue
Reported AWS CloudFormation Issue
GitHub Security Advisories
 
[GHSA-64g7-mvw6-v9qj] Improper Privilege Management in shelljs
[GHSA-5hfj-r725-wpc4] Arbitrary code execution in october/system
[GHSA-wv23-pfj7-2mjj] Authenticated file write leads to remote code execution in october/system
[GHSA-5v2h-r2cx-5xgj] Inefficient Regular Expression Complexity in marked
[GHSA-rrrm-qjm4-v8hf] Inefficient Regular Expression Complexity in marked
[GHSA-cjg2-2fjg-fph4] Integer underflow in Frontier
[GHSA-xh99-hw7h-wf63] Unchecked validity of Facing values in PlayerActionPacket
[GHSA-273r-mgr4-v34f] Uncaught Exception in engine.io
[GHSA-m6w8-fq7v-ph4m] GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
[GHSA-7p8f-8hjm-wm92] Lookup operations do not take into account wildcards in SpiceDB
[GHSA-7w54-gp8x-f33m] Potential exposure of tokens to an Unauthorized Actor
[GHSA-4h9c-v5vg-5m6m] Access to restricted PHP code by dynamic static class access in smarty
[GHSA-29gp-2c3m-3j6m] Sandbox Escape by math function in smarty
[GHSA-m7vp-hqwv-7m5x] Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
[GHSA-qc9x-gjcv-465w] Pipenv's requirements.txt parsing allows malicious index url in comments
[GHSA-6vfc-qv3f-vr6c] Uncontrolled Resource Consumption in markdown-it
[GHSA-hrgx-7j6v-xj82] Reflected cross-site scripting (XSS) vulnerability
[GHSA-rrgw-3hg3-9x8c] XSS vulnerability in translations
[GHSA-2w8g-m5j8-7m87] Zalgo-like output that crashes the server