Advisory Week
Week 47, 2022
National Cyber Awareness System
CISA Releases Eight Industrial Control Systems Advisories
Ubuntu Security Notices
USN-5743-1: LibTIFF vulnerability
USN-5742-1: JBIG-KIT vulnerability
USN-5741-1: Exim vulnerability
USN-5736-1: ImageMagick vulnerabilities
USN-5740-1: X.Org X Server vulnerabilities
USN-5739-1: MariaDB vulnerabilities
USN-5638-3: Expat vulnerability
USN-5737-1: APR-util vulnerability
USN-5735-1: Sysstat vulnerability
USN-5734-1: FreeRDP vulnerabilities
USN-5716-2: SQLite vulnerability
USN-5658-3: DHCP vulnerabilities
USN-5733-1: FLAC vulnerabilities
USN-5686-3: Git vulnerabilities
Red Hat Security Advisory
(RHSA-2022:8535) Moderate: OpenShift Container Platform 4.11.16 security update
(RHSA-2022:8534) Low: OpenShift Container Platform 4.11.16 security update
(RHSA-2022:8609) Important: OpenShift Virtualization 4.9.7 Images security update
(RHSA-2022:8598) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-1]
(RHSA-2022:8580) Important: firefox security update
(RHSA-2022:8561) Important: thunderbird security update
(RHSA-2022:8560) Important: hsqldb security update
(RHSA-2022:8559) Important: hsqldb security update
(RHSA-2022:8556) Important: thunderbird security update
(RHSA-2022:8555) Important: thunderbird security update
(RHSA-2022:8554) Important: firefox security update
(RHSA-2022:8553) Important: firefox security update
(RHSA-2022:8552) Important: firefox security update
(RHSA-2022:8550) Important: firefox security update
(RHSA-2022:8549) Important: firefox security update
(RHSA-2022:8548) Important: firefox security update
(RHSA-2022:8545) Important: thunderbird security update
(RHSA-2022:8544) Important: thunderbird security update
(RHSA-2022:8543) Important: thunderbird security update
Amazon AWS Security Advisories
Reported AWS AppSync Issue
Github Security Advisories
[GHSA-562r-vg33-8x8h] TemporaryFolder on unix-like systems does not limit access to created files
[GHSA-gpv5-rp6w-58r8] Remote code execution vulnerability in dependency System.Drawing.Common
[GHSA-8w5g-3wcv-9g2j] Tensorflow vulnerable to Out-of-Bounds Read
[GHSA-r7qp-cfhv-p84w] Uncaught exception in engine.io
[GHSA-7x4w-j98p-854x] Cross site scripting vulnerability with discussion titles
[GHSA-cqvq-fvhr-v6hc] `CHECK` failure in `SobolSample` via missing validation
[GHSA-xf83-q765-xm6m] `CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
[GHSA-q6jp-gcww-8v2j] Missing Authorization in Filter Stream Converter Application
[GHSA-p88w-fhxw-xvcc] Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
[GHSA-p2x4-6ghr-6vmq] Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
[GHSA-6w8h-26xx-cf8q] Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
[GHSA-q2hm-2h45-v5g3] Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
[GHSA-4x5r-6v26-7j4v] Creation of new database tables through login form on PostgreSQL
[GHSA-5j7g-cf6r-g2h7] Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
[GHSA-p5v9-g8w8-5q4v] Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
[GHSA-2gj2-vj98-j2qq] Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
[GHSA-9hqh-fmhg-vq2j] Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
[GHSA-mq7h-5574-hw9f] Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
[GHSA-qccm-wmcq-pwr6] Tailscale daemon is vulnerable to information disclosure via CSRF
[GHSA-vqp6-rc3h-83cp] Tailscale Windows daemon is vulnerable to RCE via CSRF
[GHSA-442f-wcwq-fpcf] Prevent RCE when deserializing untrusted user input
[GHSA-pp3f-xrw5-q5j4] Lancet vulnerable to path traversal when unzipping files
[GHSA-3fjj-p79j-c9hh] Fastify: Incorrect Content-Type parsing can lead to CSRF attack
[GHSA-pf36-r9c6-h97j] Invalid char to bool conversion when printing a tensor
[GHSA-frqp-wp83-qggv] Heap overflow in `QuantizeAndDequantizeV2`
[GHSA-rjx6-v474-2ch9] Segfault in `CompositeTensorVariantToComponents`
[GHSA-mv77-9g28-cwg3] `CHECK` fail via inputs in `PyFunc`
[GHSA-368v-7v32-52fx] Overflow in `ResizeNearestNeighborGrad`
[GHSA-cg88-rpvp-cjv5] Out of bounds write in grappler in Tensorflow
[GHSA-g9fm-r5mm-rf9f] `CHECK_EQ` fail via input in `SparseMatrixNNZ`
[GHSA-xvwp-h6jv-7472] FractionalMaxPool and FractionalAVGPool heap out-of-bounds access
[GHSA-27rc-728f-x5w2] `CHECK` fail via inputs in `SdcaOptimizer`
[GHSA-hq7g-wwwp-q46h] `CHECK` fail via inputs in `SparseFillEmptyRowsGrad`
[GHSA-f2w8-jw48-fr7j] `FractionalMaxPoolGrad` Heap out of bounds read
[GHSA-rmg2-f698-wq35] `tf.raw_ops.Mfcc` crashes
[GHSA-gq2j-cr96-gvqx] `MirrorPadGrad` heap out of bounds read
[GHSA-h6q3-vv32-2cq5] Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite
[GHSA-67pf-62xr-q35m] `CHECK_EQ` fail in `tf.raw_ops.TensorListResize`
[GHSA-66vq-54fq-6jvv] Segfault in `tf.raw_ops.TensorListConcat`
[GHSA-h246-cgh4-7475] `CHECK` fail in `BCast` overflow
[GHSA-xxcj-rhqg-m46g] Segfault via invalid attributes in `pywrap_tfe_src.cc`
[GHSA-6x99-gv2v-q76v] FPE in `tf.image.generate_bounding_box_proposals`
[GHSA-8fvv-46hw-vpg3] Overflow in `tf.keras.losses.poisson`
[GHSA-54pp-c6pp-7fpx] Overflow in `ImageProjectiveTransformV2`
[GHSA-762h-vpvw-3rcx] Overflow in `FusedResizeAndPadConv2D`
[GHSA-jq6x-99hj-q636] Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
[GHSA-w58w-79xv-6vcj] Out of bounds segmentation fault due to unequal op inputs in Tensorflow
[GHSA-3w3h-7xgx-grwc] Leakage of Aliyun KeySecret
[GHSA-6cqj-6969-p57x] Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
[GHSA-672p-m5jq-mrh8] Insufficient Verification of Proofs generated by the immudb server in client SDK