548 matches found

Talos Blog
added 2025/03/31 11:0 a.m., 5 views

Beers with Talos: Year in Review episode

Joe, Hazel, Bill and Dave break down Talos' Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are rooted in stealth and simplicity. The team also provide insights into some of the topics of the report, including the top-targeted vulnerabilities...

AI score: 7.8
Exploits: 0

RedhatCVE
added 2025/03/27 6:8 a.m., 12 views

CVE-2024-10210

An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL 4.4-005P may allow an authenticated network-based attacker to access data from the file system...

CVSS: 8.4, AI score: 6.8, EPSS: 0.00123
Exploits: 0, References: 1

RedhatCVE
added 2025/03/27 5:33 a.m., 5 views

CVE-2024-10206

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs...

CVSS: 6.9, AI score: 7.2, EPSS: 0.00341
Exploits: 0, References: 1

RedhatCVE
added 2025/03/27 5:33 a.m., 4 views

CVE-2024-10207

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00257
Exploits: 0, References: 1

NVD
added 2025/03/25 6:15 a.m., 3 views

CVE-2024-10210

An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL 4.4-005P may allow an authenticated network-based attacker to access data from the file system...

CVSS: 8.4, EPSS: 0.00123
Exploits: 0, References: 1

Vulnrichment
added 2025/03/25 5:32 a.m., 4 views

CVE-2024-10210 Path traversal in APROL Web Portal

An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL 4.4-005P may allow an authenticated network-based attacker to access data from the file system...

CVSS: 8.4, AI score: 6.4, EPSS: 0.00123
Exploits: 0, References: 1

NVD
added 2025/03/25 5:15 a.m., 11 views

CVE-2024-10206

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs...

CVSS: 6.9, EPSS: 0.00341
Exploits: 0, References: 1

CVE
added 2025/03/25 4:50 a.m., 51 views

CVE-2024-45480

CVE-2024-45480 concerns B&R APROL’s AprolCreateReport component (versions before 4.4-00P5). The flaw is described as improper control of code generation, enabling an unauthenticated, network-based attacker to read local system files (code injection-related exposure) with high impact on confidenti...

CVSS: 9.2, AI score: 7.2, EPSS: 0.00206
Exploits: 0, References: 1

Cvelist
added 2025/03/25 4:43 a.m., 10 views

CVE-2024-10208 Cross Site Scripting vulnerability in APROL Web Portal

An Improper Neutralization of Input During Web Page Generation vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an authenticated network-based attacker to insert malicious code which is then executed in the context of the user’s browser session...

CVSS: 5.1, EPSS: 0.00493
Exploits: 0, References: 1

Vulnrichment
added 2025/03/20 10:11 a.m., 4 views

CVE-2024-12392 Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic

A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL,...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00279
Exploits: 1, References: 1

OSV
added 2025/03/14 10:15 p.m., 0 views

UBUNTU-CVE-2025-2295

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...

CVSS: 3.5, AI score: 6.7, EPSS: 0.00041
Exploits: 0, References: 4

Tenable Nessus
added 2025/03/04 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2020-10703

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage po...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00689
Exploits: 1, References: 2

CVE
added 2025/01/09 6:16 p.m., 77 views

CVE-2025-21598

CVE-2025-21598 is an out-of-bounds read vulnerability in Junos OS and Junos OS Evolved -rpd (routing protocol daemon). An unauthenticated, network-based attacker can send malformed BGP packets to a device with BGP trace options enabled, crashing rpd. Affected ranges include multiple Junos OS and ...

CVSS: 8.2, AI score: 7.8, EPSS: 0.00744
Exploits: 0, References: 2, Affected Software: 2

CVE
added 2025/01/09 4:46 p.m., 63 views

CVE-2025-21599

CVE-2025-21599 affects Juniper Networks Junos OS Evolved. The vulnerability is in the Juniper Tunnel Driver (jtd) where a memory misreference occurs after handling certain malformed IPv6 packets, causing kernel memory not to be freed and leading to memory exhaustion and a Denial of Service. Affec...

CVSS: 8.7, AI score: 7.5, EPSS: 0.00342
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2024/12/02 9:15 a.m., 21 views

CVE-2024-10490

An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an...

CVSS: 8.4, EPSS: 0.00041
Exploits: 0, References: 1

NVD
added 2024/10/11 4:15 p.m., 11 views

CVE-2024-47508

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When specific SNMP GET operations or specifi...

CVSS: 7.1, EPSS: 0.0013
Exploits: 0, References: 1

NVD
added 2024/10/11 4:15 p.m., 7 views

CVE-2024-47489

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to...

CVSS: 6.9, EPSS: 0.00073
Exploits: 0, References: 1

NVD
added 2024/10/11 4:15 p.m., 9 views

CVE-2024-39547

An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If special...

CVSS: 8.7, EPSS: 0.00041
Exploits: 0, References: 1

Vulnrichment
added 2024/10/11 3:37 p.m., 12 views

CVE-2024-47506 Junos OS: SRX Series: A large amount of traffic being processed by ATP Cloud can lead to a PFE crash

A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result i...

CVSS: 8.2, AI score: 7, EPSS: 0.00267
Exploits: 0, References: 1

Cvelist
added 2024/10/11 3:37 p.m., 18 views

CVE-2024-47506 Junos OS: SRX Series: A large amount of traffic being processed by ATP Cloud can lead to a PFE crash

A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result i...

CVSS: 8.2, EPSS: 0.00267
Exploits: 0, References: 1