Snapshot
Jan. 4, 2025 - Jan. 10, 2025
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added |
---|---|---|---|---|
CVE-2025-0282 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. | CRITICAL | Ivanti | Jan. 8, 2025 |
CVE-2020-2883 | Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3. | CRITICAL | Oracle | Jan. 7, 2025 |
CVE-2024-41713 | Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server. | CRITICAL | Mitel | Jan. 7, 2025 |
CVE-2024-55550 | Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server. | LOW | Mitel | Jan. 7, 2025 |
Newswires

Critical Security Vulnerabilities Detected in Moxa Industrial Devices
Moxa, a company specializing in industrial networking and communication solutions, has alerted its customers about two significant security vulnerabilities affecting several of its device models.
Jan. 6, 2025

Eagerbee Malware Targets Middle Eastern Government and ISPs
The Eagerbee malware framework is seeing new variants being used against government entities and ISPs in the Middle East.
Jan. 6, 2025

Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context |
---|---|---|---|---|
CVE-2024-9140 (4) | Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. | CRITICAL | | Risk Context N/A |
CVE-2021-26855 (4) | Microsoft Exchange Server Remote Code Execution Vulnerability | CRITICAL | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2025-0282 (3) | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2,... | CRITICAL | Ivanti | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2024-20154 (3) | In Modem, there is a possible out of bounds write due to a missing bounds check. | HIGH | | Remote Code Execution |
CVE-2024-20146 (2) | In wlan STA driver, there is a possible out of bounds write due to improper input validation. | HIGH | | Risk Context N/A |
CVE-2024-43405 (6) | Nuclei is a vulnerability scanner powered by YAML based templates. | HIGH | Projectdiscovery | Remote Code Execution |
CVE-2024-49113 (1) | Windows Lightweight Directory Access Protocol Denial of Service Vulnerability | HIGH | Microsoft | Public Exploits Available |
CVE-2024-9138 (4) | Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2... | HIGH | | Risk Context N/A |
CVE-2024-12856 (3) | The Four-Faith router models F3x24 and F3x36 are affected by an operating system command injection vulnerability. | HIGH | | Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2025-0283 (2) | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2,... | HIGH | Ivanti | Risk Context N/A |

CISA Known Exploited Vulnerabilities
CISA added four vulnerabilities to the known exploited vulnerabilities list.
Ivanti — Connect Secure, Policy Secure, and ZTA Gateways
CVE-2025-0282 / Added: Jan. 8, 2025
CRITICAL | CVSS 9.00 | EPSS Score 15.32 | EPSS Percentile 95.90
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
Oracle — WebLogic Server
CVE-2020-2883 / Added: Jan. 7, 2025
CRITICAL | CVSS 9.80 | EPSS Score 96.51 | EPSS Percentile 99.73
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.
Mitel — MiCollab
CVE-2024-55550 / Added: Jan. 7, 2025
LOW | CVSS 2.70 | EPSS Score 42.72 | EPSS Percentile 97.45
Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2024-9140
CRITICAL | CVSS 9.80 | EPSS Score 0.04 | EPSS Percentile 11.76
Risk Context N/A
Published: Jan. 3, 2025
Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality.
CVE-2021-26855
CRITICAL | CVSS 9.10 | EPSS Score 97.51 | EPSS Percentile 99.99
CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: March 3, 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
Vendor Impacted: Microsoft |
Product Impacted: Exchange Server |
CVE-2025-0282
CRITICAL | CVSS 9.00 | EPSS Score 15.32 | EPSS Percentile 95.90
CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Jan. 8, 2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Vendor Impacted: Ivanti |
Products Impacted: Policy Secure, Neurons For Zero-Trust Access, Connect Secure, Connect Secure, Policy Secure, And Zta Gateways |
CVE-2024-20154
HIGH | CVSS 8.10 | EPSS Score 0.04 | EPSS Percentile 11.48
Remote Code Execution
Published: Jan. 6, 2025
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.
CVE-2024-20146
HIGH | CVSS 8.10 | EPSS Score 0.04 | EPSS Percentile 11.48
Risk Context N/A
Published: Jan. 6, 2025
In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.
CVE-2024-43405
HIGH | CVSS 7.80 | EPSS Score 0.05 | EPSS Percentile 23.73
Remote Code Execution
Published: Sept. 4, 2024
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. The vulnerability is present in the template signature verification process, specifically in the `signer` package. The vulnerability stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed. This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template. CLI users are affected if they execute custom code templates from unverified sources. This includes templates authored by third parties or obtained from unverified repositories. SDK Users are affected if they are developers integrating Nuclei into their platforms, particularly if they permit the execution of custom code templates by end-users. The vulnerability is addressed in Nuclei v3.3.2. Users are strongly recommended to update to this version to mitigate the security risk. As an interim measure, users should refrain from using custom templates if unable to upgrade immediately. Only trusted, verified templates should be executed. Those who are unable to upgrade Nuclei should disable running custom code templates as a workaround.
Vendor Impacted: Projectdiscovery |
Product Impacted: Nuclei |
CVE-2024-49113
HIGH | CVSS 7.50 | EPSS Score 0.05 | EPSS Percentile 23.46
Public Exploits Available
Published: Dec. 12, 2024
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Vendor Impacted: Microsoft |
Products Impacted: Windows Server 2016, Windows 10 22h2, Windows Server 2008, Windows 10 1507, Windows 10 1607, Windows Server 2022, Windows Server 2025, Windows 11 22h2, Windows Server 2022 23h2, Windows 11 24h2, Windows 10 1809, Windows 10 21h2, Windows Server 2012, Windows Server 2019 |
CVE-2024-9138
HIGH | CVSS 7.20 | EPSS Score 0.04 | EPSS Percentile 11.48
Risk Context N/A
Published: Jan. 3, 2025
Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.
CVE-2024-12856
HIGH | CVSS 7.20 | EPSS Score 0.05 | EPSS Percentile 19.33
Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Dec. 27, 2024
The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue.
CVE-2025-0283
HIGH | CVSS 7.00 | EPSS Score 0.04 | EPSS Percentile 11.48
Risk Context N/A
Published: Jan. 8, 2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
Vendor Impacted: Ivanti |
Products Impacted: Policy Secure, Neurons For Zero-Trust Access, Connect Secure |