PT-2022-22152 · Dell · Dell Container Storage Modules

Name of the Vulnerable Software and Affected Versions: Dell Container Storage Modules version 1.2 Description: The issue is related to a path traversal vulnerability in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this, leading to...

PT-2022-22151 · Dell · Dell Container Storage Modules

Name of the Vulnerable Software and Affected Versions: Dell Container Storage Modules version 1.2 Description: The issue is related to an OS command injection in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this, leading to the executi...

Dell Container Storage Modules 操作系统命令注入漏洞

Dell Container Storage Modules is a set of modules from Dell USA. Dell Container Storage Modules version 1.2 contains an operating system command injection vulnerability, which stems from a failure to properly filter constructed command special characters, commands, etc. in the goiscsi and gobric...

Ubuntu: Security Advisory (USN-346-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-377-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MAL-2022-1420 Malicious code in babelllugintransformes2015modulescommonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85a16e3db18168e71a2eeec8f9190a55ae782642089ef8b41719535a6a434a82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-35113

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swfDefineLosslessBitsTagToImage at /modules/swfbits.c...

AZL-10559 CVE-2022-2503 affecting package kernel for versions less than 5.15.67.1-4

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

DEBIAN-CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

UBUNTU-CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

CVE-2022-2503 Linux Kernel LoadPin bypass via dm-verity table reload

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

Google Dm-verity 授权问题漏洞

Google Dm-verity is a root filesystem used to extend the root of trust to multiple distributions by Google, USA. A security vulnerability exists in Google Dm-verity. An attacker could use this vulnerability to bypass LoadPin and load untrusted and unverified kernel modules and firmware...

CVE-2022-2503

CVE-2022-2503 affects Linux kernels using Dm-verity/LoadPin. A device-mapper table reload can swap the target to an equivalent dm-linear target, bypassing verification until reboot and allowing root to load untrusted/unsigned kernel modules and firmware. This can enable arbitrary kernel execution...

biz.netcentric.cq.tools.aemmjml:aemmjml-components-bundle (=0.1.0), com.adobe.aem.commons:assetshare.core (>=1.9.6 <=3.13.0) +23 more potentially affected by CVE-2022-35697 via com.adobe.cq:core.wcm.components.core (>=1.1.0 <=2.20.6)

com.adobe.cq:core.wcm.components.core MAVEN version =1.1.0, =1.9.6, =2012.12.01, =2012.12.01, =0.0.6, =0.0.4, =0.0.6, =0.0.6, =1.2.0, =0.1.0, =2.5.0, =2.10.0, =2.10.0, =2.10.0, =2.20.6 and more Source cves: CVE-2022-35697 Source advisory: OSV:GHSA-QCGC-6Q86-7X2P...

org.dspace.modules:additions (>=4.0 <=5.10), org.dspace.modules:jspui (>=4.0 <=5.10) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=4.0 <=5.10)

org.dspace:dspace-api MAVEN version =4.0, =4.0, =4.0, =4.0, =5.0, =5.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =4.0, =5.0, =5.10 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...

de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31193 via org.dspace:dspace-jspui (>=6.0 <=6.3)

org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31193 Source advisory: OSV:GHSA-763J-Q7WV-VF3M...

de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31191 via org.dspace:dspace-jspui (>=6.0 <=6.3)

org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31191 Source advisory: OSV:GHSA-C558-5GFM-P2R8...

org.apache.jspwiki.it:jspwiki-selenide-tests (>=2.11.0 <=2.11.2), org.apache.jspwiki:jspwiki-210-adapters (>=2.11.0 <=2.11.2) +5 more potentially affected by CVE-2022-27166 +1 more via org.apache.jspwiki:jspwiki-main (>=2.11.0 <=2.11.2)

org.apache.jspwiki:jspwiki-main MAVEN version =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.2 Source cves: CVE-2022-27166, CVE-2022-28732 Source advisory: OSV:GHSA-2FXF-QJ94-3F83...

Rocky Linux-system-roles bug fix and enhancement update

An update is available for rhel-system-roles. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Rocky Linux-system-roles package includes a collection of Ansib...