Meta tags:
description= A recap of the security vulnerabilities Talos research team has helped to uncover and fix, released every other week.;
Text of the page (random words):
ly disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS
By Kri Dontje (Vulnerability Roundup)

December 17, 2025 16:02
libbiosig, Grassroot DICOM, Smallstep step-ca vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project libbiosig, Grassroot DICOM, and Smallstep step-ca. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to cis
By Kri Dontje (Vulnerability Roundup)

December 4, 2025 15:23
Socomec DIRIS Digiware M series and Easy Config, PDF-XChange Editor vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF-XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been p
By Kri Dontje (Vulnerability Roundup)

November 26, 2025 13:36
Dell ControlVault, Lasso, GL.iNet vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX. The vulnerabilities men
By Kri Dontje (Vulnerability Roundup)

November 4, 2025 09:26
TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Dell BSAFE, two in Fade In screenwriting software, and one in TruffleHog. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in ad
By Kri Dontje (Vulnerability Roundup)

October 15, 2025 13:39
Open PLC and Planet vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed one vulnerability in the OpenPLC logic controller and four vulnerabilities in the Planet WGR-500 router. For Snort coverage that can detect the exploitation of these vulnerabilities, download the lates
By Kri Dontje (Vulnerability Roundup)

October 1, 2025 14:37
NVIDIA and Adobe vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in NVIDIA and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerabili
By Kri Dontje (Vulnerability Roundup)

August 27, 2025 14:07
libbiosig, Tenda, SAIL, PDF-XChange, Foxit vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in Biosig libbiosig, nine in Tenda AC6 router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader. The vulnerabilities mentioned in this blog post have been patch
By Kri Dontje (Vulnerability Roundup)

August 6, 2025 08:00
WWBN, MedDream, Eclipse vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adheren
By Kri Dontje (Vulnerability Roundup)

July 24, 2025 10:03
Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2. Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. T
By Kri Dontje (Vulnerability Roundup)

July 10, 2025 11:24
Asus and Adobe vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products.
By Kri Dontje (Vulnerability Roundup)

June 11, 2025 09:47
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.
By Kri Dontje (Vulnerability Roundup)

April 16, 2025 08:00
Eclipse and STMicroelectronics vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in the STMicroelectronics fork of ThreadX, called X-CUBE-AZRTOS. The vulnerabilities mentioned in this blog post have been patche
By Kri Dontje (Vulnerability Roundup)

March 13, 2025 14:23
Miniaudio and Adobe Acrobat Reader vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability disclos
By Kri Dontje (Vulnerability Roundup)

February 14, 2025 11:55
ClearML and NVIDIA vulns
Cisco Talos' Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in NVIDIA. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party
By Kri Dontje (Vulnerability Roundup)

January 29, 2025 11:45
WhatsUp Gold, Observium and OFFIS vulnerabilities
Cisco Talos' Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in OFFIS, and four vulnerabilities in WhatsUp Gold. These vulnerabilities exist in Observium, a network observation and monitoring system; OFFIS DCMTK, a coll
By Kri Dontje (Vulnerability Roundup)

January 15, 2025 08:00
Slew of Wavlink vulnerabilities
Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application. The Wavlink AC3000
By Kri Dontje (Vulnerability Roundup)

December 19, 2024 13:53
Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found
Cisco Talos' Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular a
By Kri Dontje (Vulnerability Roundup)

December 9, 2024 14:30
MC LR Router and GoCast unpatched vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the explo
By Kri Dontje (Vulnerability Roundup)

October 31, 2024 11:29
NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered five NVIDIA out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of
By Kri Dontje (Vulnerability Roundup)

October 9, 2024 12:00
Vulnerability in popular PDF reader could lead to arbitrary code execution; multiple issues in GNOME project
Talos also discovered three vulnerabilities in Veertu's Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments.
By Jonathan Munshaw (Vulnerability Roundup)

September 25, 2024 12:00
Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; potential remote code execution in popular open-source PLC
Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller.
By Jonathan Munshaw (Vulnerability Roundup)

September 11, 2024 12:00
Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
CVE-2024-38257 is considered "less likely" to be exploited, though it does not require any user interaction or user privileges.
By Jonathan Munshaw (Vulnerability Roundup)

August 14, 2024 12:02
Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday
Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11.
By Jonathan Munshaw (Vulnerability Roundup)

July 31, 2024 12:00
Out-of-bounds read vulnerability in NVIDIA driver; open-source flashcard software contains multiple security issues
A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP.
By Jonathan Munshaw (Vulnerability Roundup)

July 10, 2024 12:00
15 vulnerabilities discovered in software development kit for wireless routers
Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router.
By Cisco Talos (Vulnerability Roundup)

May 29, 2024 12:07
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges
Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.
By Jonathan Munshaw (Vulnerability Roundup)

May 14, 2024 13:57
Only one critical vulnerability included in May's Microsoft Patch Tuesday; one other zero-day in DWN Core
The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server.
By Jonathan Munshaw (Patch Tuesday, Vulnerability Roundup)

May 8, 2024 12:00
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution
Two vulnerabilities in this group, one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library, could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10.
By Jonathan Munshaw (Vulnerability Roundup)

May 1, 2024 12:00
Vulnerabilities in employee management system could lead to remote code execution, login credential theft
Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.
By Jonathan Munshaw (Vulnerability Roundup)

April 10, 2024 12:56
Vulnerability in some TP-Link routers could lead to factory reset
There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11.
By Jonathan Munshaw (Vulnerability Roundup)

March 20, 2024 12:00
Netgear wireless router open to code execution after buffer overflow vulnerability
There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak.
By Jonathan Munshaw (Vulnerability Roundup)

February 28, 2024 12:00
Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution
Other potential code execution vulnerabilities are also present in Weston Embedded µC HTTP server, a web server component in Weston Embedded's in-house operating system and an open-source library that processes several types of potentially sensitive medical tests.
By Jonathan Munshaw (Vulnerability Roundup)

February 13, 2024 13:59
First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities
Although considered of moderate risk, one of the vulnerabilities is being actively exploited in the wild: CVE-2024-21351, a security feature bypass vulnerability in Windows SmartScreen.
By Tiago Pereira, Jonathan Munshaw (Patch Tuesday, Vulnerability Roundup)

January 17, 2024 12:00
Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024
There are also multiple vulnerabilities in AVideo, an open-source video broadcasting suite, that could lead to arbitrary code execution.
By Jonathan Munshaw (Vulnerability Roundup)

December 12, 2023 14:45
Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed
The company's regular set of advisories has included a vulnerability that's been actively exploited in the wild in 10 months this year.
By Jonathan Munshaw (Patch Tuesday, Vulnerability Roundup)

December 6, 2023 13:33
Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader
Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin.
By Jonathan Munshaw (Vulnerability Roundup)

November 22, 2023 12:00
Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discovered, both of which could lead to arbitrary code execution.
By Jonathan Munshaw (Vulnerability Roundup)

October 25, 2023 12:00
9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution
Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.
By Cisco Talos (Vulnerability Roundup)

October 11, 2023 12:00
10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows
Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.
By Jonathan Munshaw (Vulnerability Roundup)

September 27, 2023 12:00
10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome
Talos disclosed 10 vulnerabilities over the past two weeks, affecting a range of software, including the popular Google Chrome web browser.
By Jonathan Munshaw (Vulnerability Roundup)

September 6, 2023 12:46
Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication
OAS Platform allows various devices, including PLCs, servers, files, databases and internet-of-things platforms, to communicate with one another and share data when they otherwise would be unable to because of their various protocols.
By Cisco Talos (Vulnerability Roundup)

August 23, 2023 12:56
Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.
By Cisco Talos (Vulnerability Roundup)

August 9, 2023 12:00
Out-of-bounds write vulnerabilities in popular chemistry software; Foxit PDF Reader issues could lead to remote code execution
Seven of the vulnerabilities included in today's Vulnerability Roundup have a CVSS severity score of 9.8 out of a possible 10.
By Jonathan Munshaw (Vulnerability Roundup)

July 19, 2023 11:58
Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router ...