Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday
Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11.
Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP.
15 vulnerabilities discovered in software development kit for wireless routers
Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router.
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges
Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.
Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core
The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server.
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution
Two vulnerabilities in this group — one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10.
Vulnerabilities in employee management system could lead to remote code execution, login credential theft
Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.
Vulnerability in some TP-Link routers could lead to factory reset
There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11.
Netgear wireless router open to code execution after buffer overflow vulnerability
There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak.