Vulnerability Spotlight: VMware Workstation 15 denial-of-service vulnerability
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in VMware Workstation 15. VMware allows users to set up virtual machines and operate various operating systems outside of the ones de
Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack
By Sam Dytrych and Jason Royes. Executive summary Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and
Vulnerability Spotlight: Authentication bypass vulnerability in some Epson projectors
Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Epson EB-1470UI Projector contains an authentication bypass vulnerability in its web control functionality. This projector allows users to control it over the web. However, an adversary could tri
Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
Aleksandar Nikolic and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities and an information disclosure flaw in Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign a
Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel
Cisco Talos recently discovered a code execution vulnerability in some versions of Microsoft Excel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted Excel file, triggering a use-after-free condition and allowing them to execute
Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader
Cisco Talos recently discovered two remote code execution vulnerabilities in Adobe Acrobat Reader. Acrobat supports a number of features, including the ability to process embedded JavaScript. These flaws specifically exist in the way the software handles the destruction of annota
Vulnerability Spotlight: Code execution vulnerability in 3S CODESYS
Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable code execution vulnerability in 3Sā CODESYS Control SoftPLC runtime system. The system allows any embedded or PC device to convert into an IEC 61131-3-
Vulnerability Spotlight: Multiple code execution vulnerabilities in Accusoft ImageGear
Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four code execution vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion,
Vulnerability Spotlight: Zoom Communications user enumeration
Video conferencing and calling software has spiked in popularity as individuals across the globe are forced to stay home due to the COVID-19 pandemic. There are a plethora of players in this space, with one or two getting increased attention. One service in particular ā Zoom ā ha