Snapshot
July 20, 2024 - July 26, 2024

CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added
---|---|---|---|---
CVE-2012-4792 | Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object. | HIGH | Microsoft | July 23, 2024
CVE-2024-39891 | Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy. | MEDIUM | Twilio | July 23, 2024
Newswires

Headline | Summary | Date
---|---|---
Massive 'PKFail' Secure Boot Bypass Threatens Millions of Devices | A significant number of computing systems based on Intel and ARM microprocessors, from multiple vendors, are vulnerable to a secure boot bypass issue dubbed 'PKFail'. | July 26, 2024
Acronis Alerts Users on Cyber Infrastructure Default Password Exploitation | Acronis has alerted its customers to a critical security vulnerability in its Cyber Infrastructure that could allow attackers to bypass server authentication using default credentials. | July 26, 2024
High-Severity DoS Vulnerabilities in BIND Software Suite Addressed by ISC | The Internet Systems Consortium (ISC) has released updates for BIND, a DNS software suite, to rectify high-severity DoS vulnerabilities. | July 26, 2024
Exploitation of Critical ServiceNow Flaws for Data Theft: A Rising Concern | Cybercriminals are exploiting critical Remote Code Execution (RCE) flaws in ServiceNow, a widely used cloud-based platform, to steal credentials. | July 25, 2024
Critical Remote Code Execution Vulnerability in Telerik Report Server: Urgent Patch Required | Progress Software has alerted its customers to a critical remote code execution (RCE) security flaw in the Telerik Report Server. | July 25, 2024
Google Cloud Platform's 'ConfusedFunction' Vulnerability Uncovered by Cybersecurity Researchers | Cybersecurity researchers have discovered a privilege escalation vulnerability in the Google Cloud Platform's Cloud Functions service, which has been named 'ConfusedFunction'. | July 25, 2024
Critical Docker Engine Vulnerability Bypasses Authorization Plugins | Docker has issued a warning about a critical vulnerability affecting certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) in certain situations. | July 25, 2024
Critical Authentication Bypass Flaw Addressed in Docker | Docker has implemented security updates to rectify a critical vulnerability that could potentially allow an attacker to bypass authorization plugins under specific circumstances. | July 24, 2024
Cybercriminals Continue Exploiting Microsoft SmartScreen Vulnerability in Global Infostealing Campaigns | Cybercriminals are exploiting a vulnerability in Microsoft Defender SmartScreen, CVE-2024-21412, in an ongoing global infostealing campaign. | July 24, 2024
Chinese APT Group Daggerfly Enhances Its Malware Arsenal | Chinese APT group Daggerfly, also known as Evasive Panda or Bronze Highland, has updated its malware toolkit with a new malware family and an enhanced version of the Macma macOS backdoor. | July 24, 2024
CISA Adds Two More Vulnerabilities to its Exploited Flaws Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) list with the addition of two more security flaws that have evidence of active exploitation. | July 24, 2024
Ukrainian Research Institution Targeted by HATVIBE and CHERRYSPY Malware | The Ukrainian Computer Emergency Response Team (CERT-UA) has issued a warning regarding a spear-phishing campaign aimed at a Ukrainian scientific research institution. | July 23, 2024
CISA Updates Known Exploited Vulnerabilities Catalog with Adobe, SolarWinds, and VMware Bugs | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. | July 21, 2024
Vulnerabilities In The News

The number in parentheses after each CVE is the count of news items referencing it during the snapshot period.

CVE | Summary | Severity | Vendor | Risk Context
---|---|---|---|---
CVE-2021-44228 (5) | Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect agai... | CRITICAL | Apache, Sonicwall, Debian, Siemens, Apple, Snowsoftware, Cisco, Netapp, Intel, Bentley, Percussion, Fedoraproject | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
CVE-2024-41110 (6) | Moby is an open-source project created by Docker for software containerization. | CRITICAL | (not listed) | Remote Code Execution, Public Exploits Available
CVE-2024-1800 (4) | In Progress® Telerik® Report Server versions prior to 2024 Q1, a remote code execution attack is possible through an insecu... | CRITICAL | (not listed) | Remote Code Execution, Public Exploits Available
CVE-2024-6327 (6) | In Progress® Telerik® Report Server versions prior to 2024 Q2, a remote code execution attack is possible through an insecur... | CRITICAL | Progress | Remote Code Execution
CVE-2024-4358 (5) | In Progress Telerik Report Server, version 2024 Q1 or earlier, on IIS, an unauthenticated attacker can gain access to Teleri... | CRITICAL | Telerik, Progress | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2024-4879 (3) | ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. | CRITICAL | Servicenow | CISA Known Exploited, Public Exploits Available
CVE-2012-4792 (3) | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via... | HIGH | Microsoft | CISA Known Exploited, Public Exploits Available
CVE-2024-21412 (4) | Internet Shortcut Files Security Feature Bypass Vulnerability | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2024-38112 (4) | Windows MSHTML Platform Spoofing Vulnerability | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution
CVE-2024-39891 (3) | In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint pro... | MEDIUM | Twilio | CISA Known Exploited
CISA Known Exploited Vulnerabilities

CISA added two vulnerabilities to the Known Exploited Vulnerabilities list during this period.

Microsoft — Internet Explorer
CVE-2012-4792 / Added: July 23, 2024
HIGH | CVSS 9.30 | EPSS Score 92.14 | EPSS Percentile 98.99
Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.

Twilio — Authy
CVE-2024-39891 / Added: July 23, 2024
MEDIUM | CVSS 5.30 | EPSS Score 11.79 | EPSS Percentile 95.36
Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
In The News

Vulnerabilities receiving the most attention in traditional news media.

CVE-2021-44228
CRITICAL | CVSS 10.00 | EPSS Score 96.98 | EPSS Percentile 99.77
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Dec. 10, 2021
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Vendors Impacted: Apache, Sonicwall, Debian, Siemens, Apple, Snowsoftware, Cisco, Netapp, Intel, Bentley, Percussion, Fedoraproject
Products Impacted: Cloudcenter Workload Manager, Log4j2, Common Services Platform Collector, Firepower 4120, Vm Access Proxy, Snapcenter, Virtual Topology System, Firepower 2140, Spectrum Power 7, Iot Operations Dashboard, Data Center Manager, Mendix, Rhythmyx, Smart Phy, Connected Mobile Experiences, Siguard Dsa, Siveillance Viewpoint, Dna Center, Siveillance Identity, Crosswork Zero Touch Provisioning, Firepower 4112, E-Car Operation Center, Solid Edge Harness Design, Unified Communications Manager Im And Presence Service, Crosswork Platform Infrastructure, System Debugger, Firepower 4145, Unified Workforce Optimization, Snow Commander, Firepower 2120, Customer Experience Cloud Agent, Audio Development Kit, Packaged Contact Center Enterprise, Advanced Malware Protection Virtual Private Cloud Appliance, Cloudcenter Cost Optimizer, Fog Director, Active Iq Unified Manager, Desigo Cc Info Center, Sensor Solution Firmware Development Kit, Crosswork Optimization Engine, Opcenter Intelligence, Cloud Insights, Oneapi Sample...
CVE-2024-41110
CRITICAL | CVSS 9.90 | EPSS Score 0.04 | EPSS Percentile 16.13
Risk Context: Remote Code Execution, Public Exploits Available
Published: July 24, 2024
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered in 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 contains patches to fix the vulnerability. Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
CVE-2024-1800
CRITICAL | CVSS 9.90 | EPSS Score 0.05 | EPSS Percentile 16.77
Risk Context: Remote Code Execution, Public Exploits Available
Published: March 20, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
CVE-2024-6327
CRITICAL | CVSS 9.80 | EPSS Score 0.07 | EPSS Percentile 31.30
Risk Context: Remote Code Execution
Published: July 24, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
Vendor Impacted: Progress
Product Impacted: Telerik Report Server
CVE-2024-4358
CRITICAL | CVSS 9.80 | EPSS Score 94.15 | EPSS Percentile 99.21
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: May 29, 2024
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Vendors Impacted: Telerik, Progress
Products Impacted: Telerik Report Server, Report Server 2024
CVE-2024-4879
CRITICAL | CVSS 9.80 | EPSS Score 0.90 | EPSS Percentile 82.86
Risk Context: CISA Known Exploited, Public Exploits Available
Published: July 10, 2024
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Vendor Impacted: Servicenow
Product Impacted: Utah, Vancouver, And Washington Dc Now
CVE-2012-4792
HIGH | CVSS 9.30 | EPSS Score 92.14 | EPSS Percentile 98.99
Risk Context: CISA Known Exploited, Public Exploits Available
Published: Dec. 30, 2012
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Vendor Impacted: Microsoft
Products Impacted: Windows Server 2003, Internet Explorer, Windows Xp
CVE-2024-21412
HIGH | CVSS 8.10 | EPSS Score 0.30 | EPSS Percentile 69.72
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Feb. 13, 2024
Internet Shortcut Files Security Feature Bypass Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows 11 21h2, Windows Server 2019, Windows Server 2022, Windows 11 23h2, Windows 10 22h2, Windows 10 21h2, Windows 10 1809, Windows, Windows 11 22h2, Windows Server 2022 23h2
CVE-2024-38112
HIGH | CVSS 7.50 | EPSS Score 1.61 | EPSS Percentile 87.59
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: July 9, 2024
Windows MSHTML Platform Spoofing Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows 11 21h2, Windows Server 2016, Windows Server 2019, Windows 11 23h2, Windows Server 2022, Windows 10 1607, Windows 10 22h2, Windows Server 2012, Windows 10 21h2, Windows 10 1507, Windows 10 1809, Windows, Windows 11 22h2, Windows Server 2022 23h2, Windows Server 2008
CVE-2024-39891
MEDIUM | CVSS 5.30 | EPSS Score 11.79 | EPSS Percentile 95.36
Risk Context: CISA Known Exploited
Published: July 2, 2024
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)
Vendor Impacted: Twilio
Products Impacted: Authy, Authy Authenticator