vulnerability spotlight

April 13, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Vulnerabilities in Moxa EDR-810 Industrial Secure Router

Vulnerabilities have been identified in Moxa EDR-810, an industrial secure router with firewall/NAT/VPN and managed Layer 2 switch functions. It is designed for Ethernet-based security applications in remote control or monitoring networks.

April 11, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities

Vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.

April 11, 2018

THREAT RESEARCH

Vulnerability Spotlight: Multiple Computerinsel PhotoLine PSD Code Execution Vulnerabilities

Cisco Talos discloses a vulnerability within the PSD-parsing functionality of Computerinsel Photoline, an image processing tool. PSD is a document format used by Adobe Photoshop and supported by many third-party applications.

March 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image

Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low...

January 17, 2018

THREAT RESEARCH

Vulnerability Spotlight: Tinysvcmdns Multi-label DNS DoS Vulnerabilility

Overview Talos is disclosing a single NULL pointer dereference vulnerability in the tinysvcmdns library. Tinysvcmdns is a tiny MDNS responder implementation for publishing services. This is essentially a mini and embedded version of Avahi or Bonjour. Read More >>

December 19, 2017

THREAT RESEARCH

Vulnerability Spotlight: VMWare VNC Vulnerabilities

Today, Talos is disclosing a pair of vulnerabilities in the VNC implementation used in VMWare’s products that could result in code execution. VMWare implements VNC for its remote management, remote access, and automation purposes in VMWare products including Workstation, Player, and ESXi which share a common VMW VNC code base. The vulnerabilities manifest themselves in […]

November 15, 2017

THREAT RESEARCH

Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within libxls

Talos is releasing seven new vulnerabilities discovered within the libxls library. These vulnerabilities result in remote code execution using specially crafted XLS files.

October 31, 2017

THREAT RESEARCH

Vulnerability Spotlight: The Circle of a Bug’s Life

Cisco Talos is disclosing several vulnerabilities identified in Circle with Disney. Circle with Disney is a network device designed to monitor the Internet use of children on a given network. Circle pairs wirelessly, with your home Wi-Fi and allows you to manage every device on the network, tablet, TV, or laptop. It can also pair […]

October 31, 2017

THREAT RESEARCH

Vulnerability Spotlight: Multiple Vulnerabilities in Cesanta Mongoose Server

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos Today, Talos is disclosing several vulnerabilities that have been identified in Cesanta Mongoose server. Cesanta Mongoose is a library implementing a number of networking protocols, including HTTP, MQTT, MDNS and others. It is designed with embedded devices in mind and as such is used in […]