vulnerability

April 12, 2018

THREAT RESEARCH

Vulnerability Spotlight: TALOS-2018-0529-531 – Multiple Vulnerabilities in NASA CFITSIO library

1 min read

Vulnerabilities discovered by Tyler Bohan from Talos Overview Talos is disclosing three remote code execution vulnerabilities in the NASA CFITSIO library. CFITSIO is a library of C and Fortran subroutines...

April 11, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities

1 min read

Vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.

April 11, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Computerinsel PhotoLine PSD Code Execution Vulnerabilities

1 min read

Cisco Talos discloses a vulnerability within the PSD-parsing functionality of Computerinsel Photoline, an image processing tool. PSD is a document format used by Adobe Photoshop and supported by many third-party applications.

April 4, 2018

THREAT RESEARCH

Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities

1 min read

Vulnerabilities discovered by Cory Duplantis from Talos Overview Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from...

March 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image

1 min read

Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low...

March 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Dovecot out-of-bounds Read Vulnerability

1 min read

Overview Today, Cisco Talos is disclosing a single out-of-bounds read vulnerability in the Dovecot IMAP server. Dovecot is a popular internet message access protocol, or IMAP, server...

February 5, 2018

SECURITY

Understanding the Attack Vectors of CVE-2018-0101 – Cisco ASA Remote Code Execution and Denial of Service Vulnerabilit …

4 min read

On January 29, 2018, the Cisco PSIRT published a security advisory about a remote code execution and denial of service vulnerability affecting the Cisco ASA and Cisco Next-Generation Firewall platforms.

January 10, 2018

THREAT RESEARCH

Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities

1 min read

Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as ‘gems’. The two XSS vulnerabilities were discovered in two different gem packages: delayed_job_web and rails_admin. Ruby is widely used as a […]

January 9, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client

1 min read

Talos discloses vulnerabilities in CPP and Parity Ethereum clients: a denial of service vulnerability in libevm, plus a permissive cross-domain (CORS) whitelist policy vulnerability in the Ethereum Parity client.