Advisory Week


Week 32, 2022
National Cyber Awareness System
 
CISA Adds Two Known Exploited Vulnerabilities to Catalog 
Cisco Releases Security Update for Multiple Products
#StopRansomware: Zeppelin Ransomware
Palo Alto Networks Releases Security Update for PAN-OS
CISA Releases Cybersecurity Toolkit to Protect U.S. Elections
Microsoft Releases August 2022 Security Updates
Adobe Releases Security Updates for Multiple Products
VMware Releases Security Updates
CISA Adds Two Known Exploited Vulnerabilities to Catalog 
Adobe Security Bulletins and Advisories
 
Security Updates Available for Magento | APSB21-08 APSB22-38
Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-39
Security Updates Available for Adobe Framemaker | APSB21-14 APSB22-42
Ubuntu Security Notices
 
USN-5567-1: Linux kernel (OEM) vulnerabilities
USN-5566-1: Linux kernel vulnerabilities
USN-5565-1: Linux kernel vulnerabilities
USN-5564-1: Linux kernel (Intel IoTG) vulnerabilities
USN-5563-1: http-parser vulnerability
USN-5562-1: Linux kernel vulnerabilities
USN-5560-2: Linux kernel vulnerabilities
USN-5561-1: GNOME Web vulnerabilities
USN-5560-1: Linux kernel vulnerabilities
USN-5559-1: Moment.js vulnerabilities
USN-5558-1: libcdio vulnerabilities
USN-5557-1: Linux kernel vulnerabilities
USN-5555-1: GStreamer Good Plugins vulnerabilities
USN-5553-1: libjpeg-turbo vulnerabilities
USN-5554-1: GDK-PixBuf vulnerability
USN-5552-1: phpLiteAdmin vulnerability
Red Hat Security Advisory
 
(RHSA-2022:6043) Moderate: .NET 6.0 security, bug fix, and enhancement update
(RHSA-2022:6042) Important: Release of OpenShift Serverless Client kn 1.24.0
(RHSA-2022:6040) Important: Release of OpenShift Serverless 1.24.0
(RHSA-2022:5069) Important: OpenShift Container Platform 4.11.0 bug fix and security update
(RHSA-2022:5070) Moderate: OpenShift Container Platform 4.11.0 extras and security update
(RHSA-2022:6038) Moderate: .NET 6.0 security, bug fix, and enhancement update
(RHSA-2022:5068) Moderate: OpenShift Container Platform 4.11.0 packages and security update
(RHSA-2022:6037) Moderate: .NET Core 3.1 security, bug fix, and enhancement update
(RHSA-2022:6024) Moderate: New container image for Red Hat Ceph Storage 5.2 Security update
(RHSA-2022:6003) Moderate: kernel security, bug fix, and enhancement update
(RHSA-2022:6002) Moderate: kernel-rt security and bug fix update
(RHSA-2022:5997) Moderate: Red Hat Ceph Storage Security, Bug Fix, and Enhancement Update
(RHSA-2022:5879) Important: OpenShift Container Platform 4.9.45 bug fix and security update
(RHSA-2022:5998) Moderate: kernel security and bug fix update
(RHSA-2022:5948) Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update
(RHSA-2022:5942) Moderate: vim security update
(RHSA-2022:5939) Moderate: kernel-rt security and bug fix update
(RHSA-2022:5937) Moderate: kernel security and bug fix update
(RHSA-2022:5934) Moderate: kernel-rt security and bug fix update
(RHSA-2022:5875) Moderate: OpenShift Container Platform 4.10.26 security update
(RHSA-2022:5928) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update
(RHSA-2022:5923) Important: Service Telemetry Framework 1.3 security update
(RHSA-2022:5924) Important: Service Telemetry Framework 1.4 security update
(RHSA-2022:5915) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.2 security update
(RHSA-2022:5914) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.1 security update
(RHSA-2022:5913) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.0 security update
Cisco Security Advisory
 
Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability
Microsoft Security
 
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
Windows Bluetooth Service Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Windows WebBrowser Control Remote Code Execution Vulnerability
Windows Kernel Information Disclosure Vulnerability
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Azure Batch Node Agent Elevation of Privilege Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Windows Partition Management Driver Elevation of Privilege Vulnerability
Azure RTOS GUIX Studio Information Disclosure Vulnerability
Azure RTOS GUIX Studio Information Disclosure Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Partition Management Driver Elevation of Privilege Vulnerability
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
Windows Defender Credential Guard Security Feature Bypass Vulnerability
Windows Defender Credential Guard Information Disclosure Vulnerability
Windows Defender Credential Guard Information Disclosure Vulnerability
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Microsoft Outlook Denial of Service Vulnerability
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
HTTP.sys Denial of Service Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Unified Write Filter Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows Local Security Authority (LSA) Denial of Service Vulnerability
Microsoft ATA Port Driver Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass
CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass
Azure Site Recovery Denial of Service Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
SMB Client and Server Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Information Disclosure Vulnerability
CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass
Microsoft Excel Security Feature Bypass Vulnerability
Windows Fax Service Elevation of Privilege Vulnerability
Microsoft Exchange Information Disclosure Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Defender Credential Guard Information Disclosure Vulnerability
Windows Defender Credential Guard Elevation of Privilege Vulnerability
.NET Spoofing Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
Windows Defender Credential Guard Elevation of Privilege Vulnerability
Windows Hello Security Feature Bypass Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Visual Studio Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Windows Bluetooth Driver Elevation of Privilege Vulnerability
Azure Sphere Information Disclosure Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
Google Security Advisories
 
Pixel Update Bulletin—August 2022 | Android Open Source Project
Android 13 Security Release Notes | Android Open Source Project
Android Security Bulletin—August 2022 | Android Open Source Project
Github Security Advisories
 
[GHSA-f4qr-f4xx-hjxw] OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information
[GHSA-78f9-745f-278p] Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
[GHSA-33wh-w4m7-c6r8] update_by_case before 0.1.3 can be vulnerable to sql injection
[GHSA-j259-6c58-9m58] loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
[GHSA-pcjh-6r5h-r92r] django-sendfile2 before 0.7.0 contains reflected file download vulnerability
[GHSA-gwj5-wp6r-5q9f] Cronos vulnerable to DoS through unintended Contract Selfdestruct
[GHSA-7r9x-qrpr-3cxw] mofh Vulnerable to Improper Restriction of XML External Entity Reference
[GHSA-qcgc-6q86-7x2p] AEM WCM Core Components CVG Image vulnerable to Reflected Cross-site Scripting
[GHSA-vjxv-45g9-9296] cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists
[GHSA-739f-hw6h-7wq8] PolicyController before 0.2.1 may bypass attestation verification
[GHSA-9jmq-rx5f-8jwq] nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
CISA Known Exploted Vulnerabilities
 
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability CVE-2022-34713
RARLAB UnRAR Directory Traversal Vulnerability CVE-2022-30333
Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability CVE-2022-27925
Zimbra Collaboration (ZCS) Authentication Bypass Vulnerability CVE-2022-37042

The known exploited vulnerabilities list contains vulnerabilities that are known to be activly exploited. They may not be new or recently discovered. Vulnerabilities listed here were added to this list in the past week.