<ciso brief/>
Tag Banner

All news with #race condition tag

all tags →

Wed, November 12, 2025

CISA Adds Three CVEs to KEV Catalog Targeting Federal Assets

#KEV Added #Active Exploitation #Security Advisory #Microsoft #WatchGuard #Gladinet #Race Condition

🔔CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-9242 (WatchGuard Firebox out-of-bounds write), CVE-2025-12480 (Gladinet Triofox improper access control), and CVE-2025-62215 (Microsoft Windows race condition). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the required due dates. CISA urges all organizations to prioritize timely remediation and other mitigations to reduce exposure to active threats.

read more →

Tue, September 9, 2025

Microsoft September 2025 Patch Tuesday: 86 Fixes Guidance

#Patch #Security Advisory #Microsoft #Snort #Use-After-Free #Race Condition #Privilege Escalation #Stack Overflow

🔒Microsoft released its September 2025 security update addressing 86 vulnerabilities across Windows, Office, DirectX, Hyper-V and related components. Microsoft reported no active in-the-wild exploitation but identified eight flaws where exploitation is more likely, including a network RCE in NTFS (CVE-2025-54916). Talos published Snort rules to detect attempts and recommends administrators prioritize patches and update IDS/IPS signatures promptly.

read more →

Thu, September 4, 2025

CISA Adds Three CVEs to Known Exploited Vulnerabilities

#KEV Added #Security Advisory #Insecure Deserialization #Race Condition #Linux Kernel #Android Runtime #Sitecore

🔔 CISA has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-38352 (Linux kernel TOCTOU race condition), CVE-2025-48543 (Android Runtime unspecified vulnerability), and CVE-2025-53690 (Sitecore multiple-products deserialization). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by the required due dates. Although the directive applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation, patching, and vulnerability management to reduce exposure to active exploitation.

read more →

Wed, August 6, 2025

Talos Discloses Multiple WWBN, MedDream, ThreadX Flaws

#Eclipse ThreadX #MedDream #Patch #Privilege Escalation #Race Condition #RCE #Security Advisory #SSRF #WWBN

🔒 Cisco Talos disclosed multiple vulnerabilities across WWBN AVideo, MedDream PACS Premium, and the Eclipse ThreadX FileX component. The issues include several reflected and stored XSS flaws, a race condition and incomplete blacklist handling in AVideo that can be chained to achieve arbitrary code execution, privilege escalation and credential exposure in MedDream, and a RAM-disk buffer overflow in FileX that can lead to remote code execution on embedded devices. All affected vendors issued patches per Cisco’s disclosure policy, and Talos advises deploying vendor fixes and using Snort rule updates and Talos advisories for detection and mitigation guidance.

read more →