Cisco Talos Intelligence Blog

July 1, 2019 09:07

Vulnerability Spotlight: Google V8 Array.prototype memory corruption vulnerability

The V8 JavaScript engine in Google Chrome contains a memory corruption vulnerability that could allow an attacker to gain the ability to execute arbitrary code on the victim’s machine. V8 is the core JavaScript engine that runs in the Chrome browser. As part of Chrome and node.is

May 16, 2019 14:05

Vulnerability Spotlight: Multiple vulnerabilities in Wacom Update Helper

Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary There are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts w

May 9, 2019 09:05

Vulnerability Spotlight: Remote code execution bug in SQLite

Cory Duplantis of Cisco Talos discovered this vulnerability. Executive summary SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine. SQLite is a client-sidedatabase managemen

May 6, 2019 10:05

Vulnerability Spotlight: Multiple bugs in several Jenkins plugins

Peter Adkins of Cisco Umbrella discovered these vulnerabilities. Executive summary Jenkins is an open-source automation server written in Java. There are several plugins that exist to integrate Jenkins with other pieces of software, such as GitLab. Today, Cisco Talos is disclo

April 23, 2019 19:04

Vulnerability Spotlight: Symantec Endpoint Protection kernel memory information disclosure vulnerability

Marcin Noga of Cisco Talos discovered this vulnerability. Overview Cisco Talos is disclosing an information leak vulnerability in the ccSetx86.sys kernel driver of Symantec Endpoint Protection Small Business Edition. The vulnerability exists in the driver’s control message ha

April 15, 2019 11:04

Vulnerability Spotlight: Denial of service in VMWare Workstation 15

Piotr Bania of Cisco Talos discovered this vulnerability. Executive summary VMware Workstation 15 contains an exploitable denial-of-service vulnerability. Workstation allows users to run multiple operating systems on a Linux or Windows PC. An attacker could trigger this partic

April 15, 2019 10:04

Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool

Discovered by Tyler Bohan of Cisco Talos. Overview Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnera

March 26, 2019 10:03

Vulnerability Spotlight: Multiple vulnerabilities in GOG Galaxy Games

Richard Johnson and Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary The GOG Galaxy video game launcher contains multiple vulnerabilities that could allow a malicious actor to carry out a variety of attacks. GOG Galaxy Games is a video game storef

February 28, 2019 10:02

Vulnerability Spotlight: Remote code execution vulnerability in Antenna House Rainbow PDF Office Server Document Converter

Emmanuel Tacheau of Cisco Talos discovered this vulnerability. Executive summary Antenna House Rainbow PDF Office Server Document Converter contains a heap overflow vulnerability that could allow an attacker to remotely execute code on the victim machine. Rainbow PDF is a soft