Cisco Talos Intelligence Blog

December 21, 2022 12:12

Vulnerability Spotlight: Authentication bypass and enumeration vulnerabilities in Ghost CMS

Dave McDaniel and other members of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability. Ghost is a content management system with tools to build

By Kri Dontje
Vulnerability Spotlight
December 13, 2022 11:12

Vulnerability Spotlight: Denial-of-service vulnerability discovered in VMWare vCenter

Marcin ‘Icewall’ Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a denial-of-service vulnerability in VMWare vCenter Server. VMware vCenter Server is a platform that enables centralized control and monitoring over all virtual machines and EXSi

By Kri Dontje
Vulnerability Spotlight
December 7, 2022 13:12

Vulnerability Spotlight: Memory corruption vulnerability discovered in PowerISO

Piotr Bania of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a memory corruption vulnerability in PowerISO. TALOS-2022-1644 (CVE-2022-41992) is a memory corruption vulnerability that exists in the VHD File Format parsing functionality of PowerISO 8.

By Kri Dontje
Vulnerability Spotlight
December 6, 2022 11:12

Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered

Piotr Bania of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver. NVIDIA Graphics drivers are software for NVIDIA Graphics GPU installed on the PC. They are used to com

By Kri Dontje
Vulnerability Spotlight
December 1, 2022 10:12

Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities

Marcin ‘Icewall’ Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper. Lansweeper is an IT Asset Management solution that gathers hardware and software informatio

By Kri Dontje
Vulnerability Spotlight
November 22, 2022 10:11

Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter. Callback Technologies has a CBFS file storage solution for use in customizing data persistence on devi

By Kri Dontje
Vulnerability Spotlight
November 15, 2022 16:11

Vulnerability Spotlight: Microsoft Office class attribute double-free vulnerability

Marcin 'Icewall’ Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered a class attribute double-free vulnerability in Microsoft Office. Microsoft Office is a suite of tools used for productivity in both a corporate environment as well as by end-u

By Kri Dontje
Vulnerability Spotlight
November 10, 2022 15:11

Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit Reader could lead to arbitrary code execution

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several use-after-free vulnerabilities in Foxit Reader that could lead to arbitrary code execution. The Foxit Reader is one of the most popular PDF document readers, which aims t

By Kri Dontje
Vulnerability Spotlight
October 27, 2022 11:10

Vulnerability Spotlight: Vulnerabilities in InHand router could give attackers access to console, delete files

This is just the latest set of vulnerabilities Talos has discovered in the InRouter302.

By Jonathan Munshaw
Vulnerability Spotlight