Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discovered, both of which could lead to arbitrary code execution.
9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution
Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.
10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows
Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.
10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome
Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser.
Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication
OAS Platform allows various devices, including PLCs, servers, files, databases and internet-of-things platforms to communicate with one another and share data when they otherwise would be unable to because of their various protocols.
Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.
Out-of-bounds write vulnerabilities in popular chemistry software; Foxit PDF Reader issues could lead to remote code execution
Seven of the vulnerabilities included in today’s Vulnerability Roundup have a CVSS severity score of 9.8 out of a possible 10.
Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router could be taken over
In all, Talos released 22 security advisories regarding Milesight products this month, nine of which have a CVSS score greater than 8, associated with 69 CVEs.