Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Introducing EDR for Linux: Remediating and isolating threats on Linux servers

Our new EDR for Linux offering extends our advanced protection and response capabilities to Linux devices via Nebula and OneView. The post Introducing EDR for Linux: Remediating and isolating threats on Linux servers appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#mac#linux#git#auth#ssh
Turbulent Cyber Insurance Market Sees Rising Prices and Sinking Coverage

As insurers and brokers reckon with unexpected losses, they're charging more for policies and setting higher requirements.

CVE-2022-1982: Security Updates

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.

Threat Source newsletter (June 2, 2022) — An RSA Conference primer

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Many of you readers may be gearing up for a West Coast swing over the next few weeks through San Francisco and Las Vegas for RSA and Cisco Live, respectively. And we’re right behind you!   Talos... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2022-32200: DA's Libdwarf Vulnerabilities

libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.

CVE-2022-31500: Security Advisories | KNIME

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.

CVE-2022-29483

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.

CVE-2020-28246: GitHub - formio/formio: A Form and Data Management Platform for Progressive Web Applications.

A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL.

CVE-2022-29695: Memory leaks caused by incomplete unicorn engine initialization. · Issue #1595 · unicorn-engine/unicorn

Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization.

CVE-2021-40186: DNN CMS Server-Side Request Forgery (CVE-2021-40186)

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.