Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

cryptmount Filesystem Manager 6.1.1

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Packet Storm
Open in Source
#linux
Eclipse Business Intelligence Reporting Tool 4.11.0 Remote Code Execution

Eclipse Business Intelligence Reporting Tool versions 4.11.0 and below suffer from a bypass vulnerability that allows for remote code execution.

4images 1.9 Remote Command Execution

4images version 1.9 suffers from a remote command execution vulnerability.

Debian Security Advisory 5305-1

Debian Linux Security Advisory 5305-1 - An integer overflow flaw was discovered in the CRL signature parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5304-1

Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.

CVE-2022-39166: IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889]

IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.

CVE-2022-38391: Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related IBM WebSphere Application Server Liberty and FasterXML jackson-databind

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.

CVE-2022-43875: Multiple Vulnerabilities Affect IBM Financial Transaction Manager for SWIFT Services (CVE-2022-4387, CVE-2022-43875)

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034.

CVE-2022-44643: Downloads | Grafana Enterprise Metrics documentation

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.

CVE-2022-45942: baijiacmsV4 后台RCE | This_is_Y

A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.