A tale of two eras

Welcome to this week's edition of the Threat Source newsletter. To the surprise of absolutely no one who has seen my face, I'm one of the younger employees at Talos. As my industry veteran colleagues were buying the first iPods, navigating the switch from dial-up to broadband, saying goodbye to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000599)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000599 advisory. The treoattach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service NULL pointer...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002241)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002241 advisory. The clie5attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service NULL...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002153)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002153 advisory. The clie5attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service NULL...

CVE-2023-50450

An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges...

EUVD-2002-0116

Malware in sbrugna...

EUVD-2017-6115

Malware in sbrugna...

CVE-2023-50450

An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges...

CVE-2023-50450

An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges...

Sensopart VISOR Vision Sensors 安全漏洞

Sensopart VISOR Vision Sensors is a vision camera for factory automation from Sensopart, Germany. A security vulnerability exists in Sensopart VISOR Vision Sensors versions prior to 2.10.0.2, which originates from a local user who may perform privileged operations...

PT-2025-26612 · Sensopart · Sensopart Visor Vision Sensors

Name of the Vulnerable Software and Affected Versions: Sensopart VISOR Vision Sensors versions prior to 2.10.0.2 Description: An issue was discovered that allows local users to perform unspecified actions with elevated privileges. Recommendations: For Sensopart VISOR Vision Sensors versions prior...

CVE-2023-50450

CVE-2023-50450 affects Sensopart VISOR Vision Sensors prior to version 2.10.0.2. The issue allows local users to perform unspecified actions with elevated privileges (local-privilege escalation). Root cause details are not provided in the documents; remediation is to upgrade to 2.10.0.2 or later....

borgapi (>=0.1.3.dev1 <=0.6.1), borgini (=1.0.0) +2 more potentially affected by CVE-2023-36811 via borgbackup (>=1.1.13 <=1.2.4)

borgbackup PYPI version =1.1.13, =0.1.3.dev1, =0.12.0, =4.9.0, =4.10.1 Source cves: CVE-2023-36811 Source advisory: OSV:GHSA-8FJR-HGHR-4M99...

borgapi (>=0.1.3.dev1 <=0.6.1), borgini (=1.0.0) +2 more potentially affected by CVE-2023-36811 via borgbackup (>=1.1.13 <=1.2.4)

borgbackup PYPI version =1.1.13, =0.1.3.dev1, =0.12.0, =4.9.0, =4.10.1 Source cves: CVE-2023-36811 Source advisory: OSV:PYSEC-2023-164...

SUSE CVE-2015-7566

The clie5attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint...

SUSE CVE-2016-2782

The treoattach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by inserting a USB device that lacks a 1 bulk-in or 2...

It is expected that some functions may require either Owner or Delegate as callers. Now only three access options are available: onlyOwner, onlyDelegate, anyone.

Handle Sherlock Vulnerability details Impact That is strange behavior that some functions are available for a Delegate, but not available for an owner himself. Like lock and unlock - according to the understanding of the Visor's design, these functions should be available for the owner as well...

Unbounded for-loop bricks transferERC721()

Handle toastedsteaksandwich Vulnerability details Impact The nfts array in the Visor contract could become overpopulated, causing certain functions that loop over it to brick, due to the gas limit. These functions include transferERC721 and getNftIdByTokenIdAndAddr. The severity of this issue is...

Security Bulletin: IBM Integration Bus Hyper visor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux

Summary IBM Integration Bus Hypervisor Edition V9.0 ship with Red Hat Enterprise Linux RHEL Server 6.2 which is vulnerable to: CVE-2019-14861, CVE-2019-14870 Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected Products and Versions Affected...

GridGain Directory Traversal Vulnerability

GridGain is a suite of in-memory computing platforms from GridGain Systems.Visor GUI Console is one of the visualization consoles. A directory traversal vulnerability exists in the Visor GUI Console in GridGain. A remote attacker can exploit this vulnerability to read arbitrary files via speciall...