6335 matches found
CVE-2022-2503 Linux Kernel LoadPin bypass via dm-verity table reload
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...
biz.netcentric.cq.tools.aemmjml:aemmjml-components-bundle (=0.1.0), com.adobe.aem.commons:assetshare.core (>=1.9.6 <=3.13.0) +23 more potentially affected by CVE-2022-35697 via com.adobe.cq:core.wcm.components.core (>=1.1.0 <=2.20.6)
com.adobe.cq:core.wcm.components.core MAVEN version =1.1.0, =1.9.6, =2012.12.01, =2012.12.01, =0.0.6, =0.0.4, =0.0.6, =0.0.6, =1.2.0, =0.1.0, =2.5.0, =2.10.0, =2.10.0, =2.10.0, =2.20.6 and more Source cves: CVE-2022-35697 Source advisory: OSV:GHSA-QCGC-6Q86-7X2P...
org.dspace.modules:additions (>=4.0 <=5.10), org.dspace.modules:jspui (>=4.0 <=5.10) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=4.0 <=5.10)
org.dspace:dspace-api MAVEN version =4.0, =4.0, =4.0, =4.0, =5.0, =5.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =5.0, =5.10 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...
de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31193 via org.dspace:dspace-jspui (>=6.0 <=6.3)
org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31193 Source advisory: OSV:GHSA-763J-Q7WV-VF3M...
de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31191 via org.dspace:dspace-jspui (>=6.0 <=6.3)
org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31191 Source advisory: OSV:GHSA-C558-5GFM-P2R8...
org.apache.jspwiki.it:jspwiki-selenide-tests (>=2.11.0 <=2.11.2), org.apache.jspwiki:jspwiki-210-adapters (>=2.11.0 <=2.11.2) +5 more potentially affected by CVE-2022-27166 +1 more via org.apache.jspwiki:jspwiki-main (>=2.11.0 <=2.11.2)
org.apache.jspwiki:jspwiki-main MAVEN version =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.2 Source cves: CVE-2022-27166, CVE-2022-28732 Source advisory: OSV:GHSA-2FXF-QJ94-3F83...
Rocky Linux-system-roles bug fix and enhancement update
An update is available for rhel-system-roles. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Rocky Linux-system-roles package includes a collection of Ansib...
[SECURITY] Fedora 36 Update: golang-x-mod-0.6.0~dev-4.20220330git9b9b3d8.fc36
This package holds packages for writing tools that work directly with Go module mechanics. That is, it is for direct manipulation of Go modules themselves...
MGASA-2022-0272 Updated webmin packages fix security vulnerability
The webmin package has been updated to version 1.998, fixing XSS issues in the HTTP Tunnel and Read Mail modules, along with several other bugs...
yasm find_cc function denial of service vulnerability
yasm is an open source, completely rewritten Netwide assembler. A denial of service vulnerability exists in yasm version 1.3.0, which stems from the presence of a NULL pointer dereference in the find_cc function in modules/preprocs/nasm/nasm-pp.c. An attacker could exploit this vulnerability to...
CVE-2022-35291
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
Schneider Electric Modicon Insufficient Verification of Data Authenticity (CVE-2022-34763)
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon...
CVE-2022-30276
The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks, potentially over a variety of serial, RF and/or Ethernet links, and TCP/IP networks...
CVE-2021-33458
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc in modules/preprocs/nasm/nasm-pp.c...
CVE-2021-33460
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition in modules/preprocs/nasm/nasm-pp.c...
Heap overflow
An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen in modules/preprocs/nasm/nasm-pp.c...
Null pointer dereference
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc in modules/preprocs/nasm/nasm-pp.c...
Design/Logic Flaw
An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline in modules/preprocs/nasm/nasm-pp.c...
Null pointer dereference
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive in modules/preprocs/nasm/nasm-pp.c...
Null pointer dereference
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro in modules/preprocs/nasm/nasm-pp.c...