Tag
#cisco
Plus: Microsoft Outlook and Android patch serious flaws, Chrome and Firefox get fixes, and much more.
Cisco Talos is tracking and actively responding to a supply chain attack involving the 3CX Desktop Softphone application. This is a multi-stage attack that involves sideloading DLLs, seven-day sleep routines, and additional payloads dependent on a now-removed GitHub repository for Windows-based systems. MacOS systems used a different infection chain
XXE attacks allow an adversary to interact with other backend or external systems that OpManager accesses.
Very few of us looking to buy these pieces of equipment are qualified to say if these products are even secure, and those among us who are, are probably smart enough to know not to buy these products in the first place.
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.
An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.
OpenImageIO is a library that converts, compares and processes various image files. Blender and AliceVision, two often-used computer imaging services, utilize the library, among other software offerings.
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP, TLS or DTLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.