Snapshot
April 27, 2024 - May 3, 2024
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added
---|---|---|---|---
CVE-2023-7028 | GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover. | HIGH | GitLab | May 1, 2024
CVE-2024-29988 | Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file. | HIGH | Microsoft | April 30, 2024
Newswires

Goldoon Botnet Exploits Old D-Link Router Vulnerability for Further Attacks
A previously unseen botnet, termed Goldoon, is exploiting a critical security flaw in D-Link routers that dates back nearly a decade.
May 2, 2024

Active Exploitation of GitLab Vulnerability: CISA Issues Warning
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of a high-severity GitLab vulnerability.
May 1, 2024

Rise in USB-Based Cyberattacks on Operational Technology Systems
Cyberattackers are increasingly using removable media, specifically USB devices, to infiltrate operational technology (OT) networks.
April 30, 2024

Newly Discovered R Programming Language Vulnerability Could Lead to Supply Chain Attacks
A newly identified security vulnerability in the R programming language could be exploited to execute code when a malicious RDS file is loaded and referenced.
April 29, 2024

Brocade SANnav Management Software Vulnerabilities Allow Device Compromise
Multiple vulnerabilities have been identified in Brocade's SANnav storage area network (SAN) management application, posing a potential threat to affected devices.
April 29, 2024

Ukraine Targeted by Exploitation of Seven-Year-Old Microsoft Office Vulnerability
Deep Instinct Threat Lab has detected a targeted cyber operation against Ukraine that exploits a nearly seven-year-old vulnerability in Microsoft Office.
April 28, 2024
Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context
---|---|---|---|---
CVE-2024-4040 (2) | A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows u... | CRITICAL | Crushftp | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2024-3400 (2) | A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks P... | CRITICAL | Paloaltonetworks, Palo Alto Networks | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2021-44228 (2) | Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect agai... | CRITICAL | Sonicwall, Cisco, Siemens, Intel, Apache, Snowsoftware, Bentley, Debian, Netapp, Percussion, Fedoraproject | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
CVE-2024-29021 (2) | Judge0 is an open-source online code execution system. | CRITICAL | | Remote Code Execution
CVE-2024-27322 (7) | Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to... | HIGH | | Remote Code Execution
CVE-2024-1708 (2) | ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ab... | HIGH | Connectwise | Public Exploits Available
CVE-2017-8570 (2) | Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsof... | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2023-20963 (1) | In WorkSource, there is a possible parcel mismatch. | HIGH | Google, Android | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2023-7028 (6) | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 pri... | HIGH | Gitlab | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2024-20345 (2) | A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacke... | MEDIUM | | Risk Context N/A
CISA Known Exploited Vulnerabilities
CISA added two vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2024-4040
Severity: CRITICAL | CVSS: 10.00 | EPSS Score: 1.60 | EPSS Percentile: 87.32
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: April 22, 2024
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
Vendor Impacted: Crushftp
Product Impacted: Crushftp
CVE-2024-3400
Severity: CRITICAL | CVSS: 10.00 | EPSS Score: 95.36 | EPSS Percentile: 99.34
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: April 12, 2024
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Vendors Impacted: Paloaltonetworks, Palo Alto Networks
Product Impacted: Pan-Os
CVE-2021-44228
Severity: CRITICAL | CVSS: 10.00 | EPSS Score: 97.56 | EPSS Percentile: 100.00
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Dec. 10, 2021
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Vendors Impacted: Sonicwall, Cisco, Siemens, Intel, Apache, Snowsoftware, Bentley, Debian, Netapp, Percussion, Fedoraproject
Products Impacted: Log4j, Log4j2, Siveillance Vantage, Cloud Secure Agent, Virtualized Infrastructure Manager, Fog Director, Siveillance Command, Sentron Powermanager, Dna Spaces, Nx, Unified Contact Center Express, Wan Automation Engine, Opcenter Intelligence, Virtual Topology System, Rhythmyx, Siveillance Control Pro, Crosswork Data Gateway, Cloud Manager, Emergency Responder, Firepower 9300, Identity Services Engine, Integrated Management Controller Supervisor, Active Iq Unified Manager, Customer Experience Cloud Agent, Secure Device Onboard, Firepower 4110, Crosswork Optimization Engine, Industrial Edge Management Hub, Firepower 4112, Desigo Cc Info Center, Gma-Manager, Synchro 4d, Automated Subsea Tuning, System Studio, Unified Sip Proxy, Unified Workforce Optimization, Cloudcenter Suite Admin, Capital, Common Services Platform Collector, Firepower 2110, Desigo Cc Advanced Reports, Solid Edge Cam Pro, Nexus Insights, Oncommand Insight, Firepower 4125, Unified Communications Manager Im And Presence Service, Finesse,...
CVE-2024-29021
Severity: CRITICAL | CVSS: 9.00 | EPSS Score: 0.04 | EPSS Percentile: 8.27
Risk Context: Remote Code Execution
Published: April 18, 2024
Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the target machine. This vulnerability is fixed in 1.13.1.
CVE-2024-27322
Severity: HIGH | CVSS: 8.80 | EPSS Score: 0.04 | EPSS Percentile: 14.37
Risk Context: Remote Code Execution
Published: April 29, 2024
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system when interacted with.
CVE-2024-1708
Severity: HIGH | CVSS: 8.40 | EPSS Score: 0.05 | EPSS Percentile: 17.92
Risk Context: Public Exploits Available
Published: Feb. 21, 2024
ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
Vendor Impacted: Connectwise
Product Impacted: Screenconnect
CVE-2017-8570
Severity: HIGH | CVSS: 7.80 | EPSS Score: 97.34 | EPSS Percentile: 99.88
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: July 11, 2017
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
Vendor Impacted: Microsoft
Product Impacted: Office
CVE-2023-20963
Severity: HIGH | CVSS: 7.80 | EPSS Score: 0.22 | EPSS Percentile: 60.50
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: March 24, 2023
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-220302519.
Vendors Impacted: Google, Android
Products Impacted: Framework, Android
CVE-2023-7028
Severity: HIGH | CVSS: 7.50 | EPSS Score: 95.38 | EPSS Percentile: 99.34
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Jan. 12, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Vendor Impacted: Gitlab
Products Impacted: Gitlab Ce/ee, Gitlab
CVE-2024-20345
Severity: MEDIUM | CVSS: 6.50 | EPSS Score: 0.04 | EPSS Percentile: 8.27
Risk Context: N/A
Published: March 6, 2024
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.