[SECURITY] Fedora 36 Update: golang-github-mmarkdown-mmark-2.2.10-6.fc36

Mmark is a powerful markdown processor written in Go, geared towards writing IETF documents. It is, however, also suited for writing complete books and ot her technical documentation, like the Learning Go book mmark source, and I-D text output...

USN-5535-1: Intel Microcode vulnerabilities

Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. CVE-2021-0145 Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug...

CVE-2022-30272

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...

OESA-2022-1776 virglrenderer security update

The virgil3d rendering library is a library used by qemu to implement 3D GPU support for the virtio GPU. Security Fixes: No description is available for this CVE.CVE-2022-0175...

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

CVE-2022-22214

An Improper Input Validation vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service DoS. An FPC will crash and reboot after receiving a specific transit IPv6 packet over...

IBM PowerVM Hypervisor 权限许可和访问控制问题漏洞

IBM PowerVM Hypervisor is an application from Universal Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS features and leading performance of the Power Systems platform. IBM PowerVM Hypervisor is vulnerable to a...

Fedora: Security Advisory for golang-github-pdfcpu (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-github-pdfcpu-0.3.13-2.fc35

A PDF processor written in Go...

[SECURITY] Fedora 35 Update: golang-github-mmarkdown-mmark-2.2.10-5.fc35

Mmark is a powerful markdown processor written in Go, geared towards writing IETF documents. It is, however, also suited for writing complete books and ot her technical documentation, like the Learning Go book mmark source, and I-D text output...

CVE-2021-26382

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor ACP, irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service...

Denial of service

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor ACP, irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service...

CVE-2021-26382

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor ACP, irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service...

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

Missing Linux Kernel mitigations for 'Processor MMIO Stale Data' hardware vulnerabilities (INTEL-SA-00615)

The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

CVE-2022-23825

A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure...

CVE-2022-23825

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9590)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9590 advisory. - floppy: use a statically allocated error counter Willy Tarreau Orabug: 34218638 CVE-2022-1652 - x86: Disable RET on kexec Konrad Rzeszutek Wilk...

rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.

...

The vulnerability of AMD Secure Processor’s microprogramming software lies in insufficient validation of input data, allowing a hacker to execute arbitrary code.

The vulnerability of AMD Secure Processor ASP microprogramming software lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system...