This week, Cisco released its semiannual IOS and IOS XE software security advisory bundle, which addresses ten vulnerabilities, including six rated ‘high severity.’ Of the most important high-severity bugs, three security flaws can be exploited by remote, unauthenticated attackers to cause a denial-of-service (DoS) condition. The first of these, CVE-2023-20080, impacts the IPv6 DHCP version…
Google this week announced an update to Chrome 111, which comes with patches for eight vulnerabilities, including seven reported by external researchers. All seven of the externally reported issues are high-severity memory safety bugs, with four of them described as use-after-free vulnerabilities. Of the reported issues, the most important is CVE-2023-1528, a use-after-free flaw in…
This week, Cisco’s Talos threat intelligence and research unit unveiled two high-severity vulnerabilities present in WellinTech’s KingHistorian industrial data historian software. This software is used to collect and process data from industrial control systems (ICSs). One of these vulnerabilities, tracked as CVE-2022-45124, can allow an attacker to obtain the username and password of a legitimate…