Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution
Dave McDaniel of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in a library that works with the HDF5 file format that could allow an attacker to execute remote code on a targeted device. These issues arise in the libhdf5 gif
Vulnerability Spotlight: Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution
Jaewon Min of Cisco Talos discovered these vulnerabilities. Update (Aug. 3, 2022): Talos disclosed two new vulnerabilities in the Alyac antivirus software and added their details to this post. Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilitie
Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities
By Carl Hurd. The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area. What makes the LInkHub system unique is the lack of a network interface to manage the devices individually or in the mes
Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products
By Francesco Benvenuto. Recently, I was performing some research on a wireless router and noticed the following piece of code: This unescape function will revert the URL encoded bytes to its original form. But something specifically caught my attention: There was no size check
Vulnerability Spotlight: Issue in Accusoft ImageGear could lead to memory corruption, code execution
Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered a use-after-free vulnerability in Accusoft ImageGear's PSD header processing function. The ImageGear library is a document-imaging developer toolkit that allows users to create, ed
Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGPU
Piotr Bania of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome’s WebGPU standard. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that
Vulnerability Spotlight: Adobe Acrobat DC use-after-free issues could lead to arbitrary code execution
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two use-after-free vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code. Acrobat
Vulnerability Spotlight: Command injection vulnerabilities in Robustel cellular router
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four vulnerabilities in the Robustel R1510 industrial cellular router. The R1510 is a portable router that shares 2G, 3G and 4G wireless internet access. It
Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass
Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2. The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem.