#dos

References Identification First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.19100.5 See Manage Updates Baselines Microsoft Defender Antivirus for more information. **Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?** Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. **Why is no action required to install this update?** In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users,...

In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617.

In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729.

In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05852819; Issue ID: ALPS05852819.

Red Hat OpenShift Container Platform release 4.8.36 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0711: haproxy: Denial of service via set-cookie2 header

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1097: Mozilla: Use-after-free in NSSToken objects * CVE-2022-1196: Mozilla: Use-after-free after VR Process destruction * CVE-2022-1197: Mozilla: OpenPGP revocation information was ignored * CVE-2022-24713: Mozilla: Denial of Service via complex regular expressions * CVE-2022-28281: Mozilla: Out of bounds write due to unexpected WebAuthN Extensions...

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1097: Mozilla: Use-after-free in NSSToken objects * CVE-2022-1196: Mozilla: Use-after-free after VR Process destruction * CVE-2022-1197: Mozilla: OpenPGP revocation information was ignored * CVE-2022-24713: Mozilla: Denial of Service via complex regular expressions * CVE-2022-28281: Mozilla: Out of bounds write due to unex...

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1097: Mozilla: Use-after-free in NSSToken objects * CVE-2022-1196: Mozilla: Use-after-free after VR Process destruction * CVE-2022-1197: Mozilla: OpenPGP revocation information was ignored * CVE-2022-24713: Mozilla: Denial of Service via complex regular expressions * CVE-2022-28281: Mozilla: Out of bounds write due to unexpected WebAuthN Extensions...

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1097: Mozilla: Use-after-free in NSSToken objects * CVE-2022-1196: Mozilla: Use-after-free after VR Process destruction * CVE-2022-1197: Mozilla: OpenPGP revocation information was ignored * CVE-2022-24713: Mozilla: Denial of Service via complex regular expressions * CVE-2022-28281: Mozilla: Out of bounds write d...

A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.