remote code execution
Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities
Marcin "Icewall" Noga of Cisco Talos discovered these vulnerabilities. Executive Summary Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level...
Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilites
In April 2018, Talos published 5 vulnerabilities in Natus NeuroWorks software. We have identified 3 additional vulnerabilities in the Natus Xltek EEG medical products from Natus Medical Inc.
Understanding the Attack Vectors of CVE-2018-0101 – Cisco ASA Remote Code Execution and Denial of Service Vulnerabilit …
On January 29, 2018, the Cisco PSIRT published a security advisory about a remote code execution and denial of service vulnerability affecting the Cisco ASA and Cisco Next-Generation Firewall platforms.
Vulnerability Spotlight: Multiple Vulnerabilities in Cesanta Mongoose Server
These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos Today, Talos is disclosing several vulnerabilities that have been identified in Cesanta Mongoose server. Cesanta Mongoose is a library implementing a number of networking protocols, including HTTP, MQTT, MDNS and others. It is designed with embedded devices in mind and as such is used in […]
Vulnerability Spotlight: Multiple vulnerabilities in Computerinsel Photoline
These vulnerabilities are discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of multiple vulnerabilities discovered within the Computerinsel GmbH PhotoLine image processing software. PhotoLine, developed by Computerinsel GmbH, is a well established raster and vector graphics editor for Windows and Mac OS X that can also be used for desktop publishing. […]
Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability
This vulnerability was discovered by Cory Duplantis of Talos Update 9/20/2017: A patch is now available to fix this issue. Overview LibOFX is an open source implementation of OFX (Open Financial Exchange) an open format used by financial institutions to share financial data with clients. As an implementation of a complex standard, this library is […]
Vulnerability Spotlight: Power Software PowerISO ISO Code Execution Vulnerabilities
These vulnerabilities were discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of a new vulnerability discovered within the Power Software PowerISO disk imaging software. TALOS-2017-0318 and TALOS-2017-0324 may allow an attacker to execute arbitrary code remotely on the vulnerable system when a specially crafted ISO image is opened and parsed by […]
Vulnerability Spotlight: Apple Remote Code Execution With Image Files
Vulnerabilities discovered by Tyler Bohan of Cisco Talos. Many of the wide variety of file formats are designed for specialized uses within specific industries. Apple offers APIs as interfaces to provide a definitive way to access image data for multiple image formats on the Apple OS X platform. Talos is disclosing the presence of five […]
Microsoft Patch Tuesday – January 2016
The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, JScript/VBScript, Office, Silverlight, and Windows. […]