262 matches found
TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco's...
DirectX, OpenFOAM, Libbiosig vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed vulnerabilities in the BioSig Project Libbiosig library and OpenCFD OpenFOAM, as well as an unpatched vulnerability in Microsoft DirectX. The vulnerabilities mentioned in this blog post have been patched by their respective...
security-research
Security Research This project hosts security advisories and...
Nvidia and Adobe vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability disclosure policy...
Google Project Zero Changes Its Disclosure Policy
Google's vulnerability finding team is again pushing the envelope of responsible disclosure: Google's Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period...
Linux 6.6 Race Condition
Summary I found a security-relevant race between mremap and THP code. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the...
The Snowflake Connector for Python stores sensitive data in logs
Issue Snowflake recently learned about and remediated a set of vulnerabilities in the Snowflake Connector for Python. Under specific conditions, certain users' credentials or portions of those credentials were logged locally by the Connector to the users' own systems. The credentials were not logge...
CISA’s VDP Platform 2023 Annual Report Showcases Success
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service's remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased...
15 vulnerabilities discovered in software development kit for wireless routers
Cisco Talos' Vulnerability Research team recently discovered 15 vulnerabilities in the Realtek rtl819x Jungle software development kit used in some small and home office wireless routers. This SDK uses the discontinued, open-source Boa as its web server. Talos researchers discovered these...
UK PSTI? You’ll need a Vulnerability Disclosure Program!
If you are distributing or selling smart devices into the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program (VDP). In the supporting materials for the Act,...
eurawheels.ch Cross Site Scripting vulnerability OBB-3890509
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
Issue Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed when the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between...
CISA’s VDP Platform 2022 Annual Report Showcases Success
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service's progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB). This...
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability
When this blog was originally published on August 2, it said that CVE-2023-35082 only affected MobileIron Core 11.2 and earlier, which are unsupported. On August 7, Ivanti published an updated advisory noting that since originally disclosing CVE-2023-35082, they have continued their investigation...
Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router could be taken over
Since the beginning of July, Cisco Talos has published 40 vulnerability advisories affecting a range of software and hardware, including the Microsoft Edge browser. In our new series called "Vulnerability Roundup," we'll be recapping the vulnerabilities we recently disclosed to provide readers wit...