Snapshot
Dec. 21, 2024 - Dec. 27, 2024
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2021-44207 | Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel. | HIGH | Acclaim Systems | Dec. 23, 2024 |
Newswires

| Headline | Summary | Date |
|---|---|---|
| Palo Alto Networks Firewalls Targeted by Hackers Exploiting DoS Flaw | Palo Alto Networks has alerted its users that attackers are exploiting a denial of service (DoS) vulnerability, identified as CVE-2024-3393, to disable its firewall protections. | Dec. 27, 2024 |
| Surge in Botnet Activity Targets D-Link Vulnerabilities: A Focus on FICORA and CAPSAICIN | FortiGuard Labs researchers have noticed a sharp increase in activity associated with two botnets, FICORA and CAPSAICIN, variants of Mirai and Kaiten respectively. | Dec. 27, 2024 |
| Cloud Atlas Targets Russia with VBCloud Malware | Cloud Atlas, also known as Clean Ursa, Inception, Oxygen, and Red October, has been deploying a previously unknown malware, VBCloud, in its cyber attack campaigns. | Dec. 27, 2024 |
| Adobe Issues Emergency Updates for Critical ColdFusion Flaw | In an unexpected move, Adobe has rolled out security updates to address a critical vulnerability in its ColdFusion software, identified as CVE-2024-53961. | Dec. 23, 2024 |
| U.S. Court Delivers Verdict Against NSO Group in WhatsApp Spyware Case | WhatsApp has emerged victorious in a lawsuit against NSO Group, an Israeli surveillance firm, in a U.S. court. | Dec. 23, 2024 |
| Apache Addresses Critical Vulnerability in Tomcat Web Server | Apache has released a security patch to address a severe vulnerability in its Tomcat web server. | Dec. 23, 2024 |
Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2024-45387 (5) | An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role... | CRITICAL | | Remote Code Execution |
| CVE-2024-50379 (4) | Time-of-check Time-of-use Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insens... | CRITICAL | | Remote Code Execution, Public Exploits Available |
| CVE-2024-12356 (3) | A critical vulnerability has been discovered in Privileged Remote Access and Remote Support products which can allow an una... | CRITICAL | BeyondTrust | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2018-17532 (3) | Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabil... | CRITICAL | Teltonika | N/A |
| CVE-2023-1389 (3) | TP-Link Archer AX21 firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country... | HIGH | TP-Link | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2018-0802 (3) | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a rem... | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2024-53961 (4) | ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directo... | HIGH | | Actively Exploited |
| CVE-2024-56337 (6) | Time-of-check Time-of-use Race Condition vulnerability in Apache Tomcat. | N/A | | N/A |
| CVE-2024-3393 (4) | A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated... | N/A | Palo Alto Networks | CISA Known Exploited, Actively Exploited, Remote Code Execution |
| CVE-2024-43441 (4) | Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. | N/A | | N/A |
CISA Known Exploited Vulnerabilities
CISA added one vulnerability to the known exploited vulnerabilities list.

Acclaim Systems USAHERDS
CVE-2021-44207 / Added: Dec. 23, 2024
Severity: HIGH. CVSS 8.10, EPSS Score 0.78, EPSS Percentile 81.22
Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2024-45387
Severity: CRITICAL. CVSS 9.90, EPSS Score 0.04, EPSS Percentile 10.94
Risk context: Remote Code Execution
Published: Dec. 23, 2024
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users running an affected version of Traffic Ops are recommended to upgrade to Apache Traffic Control 8.0.2.
CVE-2024-50379
Severity: CRITICAL. CVSS 9.80, EPSS Score 0.04, EPSS Percentile 10.94
Risk context: Remote Code Execution, Public Exploits Available
Published: Dec. 17, 2024
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
CVE-2024-12356
Severity: CRITICAL. CVSS 9.80, EPSS Score 1.30, EPSS Percentile 85.59
Risk context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Dec. 17, 2024
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
Vendor Impacted: BeyondTrust
Products Impacted: Privileged Remote Access (PRA) and Remote Support (RS), Remote Support, Privileged Remote Access
CVE-2018-17532
Severity: CRITICAL. CVSS 9.80, EPSS Score 1.46, EPSS Percentile 86.43
Risk context: N/A
Published: Oct. 15, 2018
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
Vendor Impacted: Teltonika
Products Impacted: RUT955, RUT900, RUT950 Firmware, RUT900 Firmware, RUT955 Firmware, RUT950
CVE-2023-1389
Severity: HIGH. CVSS 8.80, EPSS Score 8.72, EPSS Percentile 94.52
Risk context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: March 15, 2023
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
Vendor Impacted: TP-Link
Products Impacted: Archer AX21 Firmware, Archer AX21
CVE-2018-0802
Severity: HIGH. CVSS 7.80, EPSS Score 95.56, EPSS Percentile 99.56
Risk context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Jan. 10, 2018
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
Vendor Impacted: Microsoft
Products Impacted: Office Compatibility Pack, Word, Office
CVE-2024-53961
Severity: HIGH. CVSS 7.40, EPSS Score 0.09, EPSS Percentile 40.36
Risk context: Actively Exploited
Published: Dec. 23, 2024
ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data.
CVE-2024-56337
Severity: N/A. CVSS Not Assigned, EPSS Score 0.04, EPSS Percentile 10.94
Risk context: N/A
Published: Dec. 20, 2024
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:

- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)

Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.
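The per-Java-version rules above are easy to misapply during an audit. The following Python check is added here as an example (it is not from the Apache advisory or the Tomcat project): it reads the default servlet's readonly init-param from a constructed conf/web.xml snippet, reads sun.io.useCanonCaches from a JAVA_OPTS string, and reports whether the CVE-2024-50379 mitigation is complete. It assumes a Tomcat release earlier than 11.0.3 / 10.1.35 / 9.0.99 (which perform this check themselves) and takes the case-insensitive-filesystem fact as an input.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample conf/web.xml (not from any real deployment): the default
# servlet has readonly=false, the non-default setting the advisory warns about.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>"""


def _local(tag: str) -> str:
    """Strip the XML namespace so lookups work with or without an xmlns."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_writable(web_xml: str) -> bool:
    """True if the servlet named 'default' has readonly explicitly set to false."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in servlet}
        if fields.get("servlet-name") != "default":
            continue
        for param in servlet.iter():
            if _local(param.tag) == "init-param":
                kv = {_local(c.tag): (c.text or "").strip() for c in param}
                if kv.get("param-name") == "readonly":
                    return kv.get("param-value", "").lower() == "false"
    return False  # readonly defaults to true, so the servlet is not write-enabled


def canon_caches_setting(java_opts: str):
    """Value of -Dsun.io.useCanonCaches in JAVA_OPTS (lower-cased), or None if unset."""
    m = re.search(r"-Dsun\.io\.useCanonCaches=(\w+)", java_opts)
    return m.group(1).lower() if m else None


def assess(web_xml: str, java_opts: str, java_major: int, case_insensitive_fs: bool) -> str:
    """Apply the advisory's rules; returns 'not-exposed', 'mitigated' or 'exposed'."""
    if not (case_insensitive_fs and default_servlet_writable(web_xml)):
        return "not-exposed"  # precondition: writable default servlet on a case-insensitive FS
    setting = canon_caches_setting(java_opts)
    if java_major >= 21:
        return "mitigated"  # property and cache removed in Java 21
    if java_major >= 17:
        return "exposed" if setting == "true" else "mitigated"  # Java 17 defaults to false
    return "mitigated" if setting == "false" else "exposed"  # Java 8/11 default to true
```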
CVE-2024-3393
Severity: N/A. CVSS Not Assigned, EPSS Score 0.04, EPSS Percentile 10.94
Risk context: CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: Dec. 27, 2024
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Vendor Impacted: Palo Alto Networks
Product Impacted: PAN-OS
CVE-2024-43441
Severity: N/A. CVSS Not Assigned, EPSS Score 0.04, EPSS Percentile 10.94
Risk context: N/A
Published: Dec. 24, 2024
Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.