Snapshot
Oct. 12, 2024 - Oct. 18, 2024
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2024-40711 | Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution. | CRITICAL | Veeam | Oct. 17, 2024 |
| CVE-2024-9680 | Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. | CRITICAL | Mozilla | Oct. 15, 2024 |
| CVE-2024-28987 | SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data. | CRITICAL | SolarWinds | Oct. 15, 2024 |
| CVE-2024-30088 | Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation. | HIGH | Microsoft | Oct. 15, 2024 |
Newswires

| Headline | Summary | Date |
|---|---|---|
| New Speculative Execution Attacks Bypass Spectre Mitigations on Intel and AMD CPUs on Linux | New speculative execution attacks have been identified that circumvent existing Spectre mitigations on Intel and AMD CPUs operating on Linux. | Oct. 18, 2024 |
| Microsoft Uncovers 'HM Surf' Vulnerability in macOS TCC Framework | Microsoft has identified a vulnerability in Apple's Transparency, Consent, and Control (TCC) framework on macOS, which is designed to safeguard user privacy by controlling how applications access sensitive data and system resources. | Oct. 18, 2024 |
| Iran's APT34 Ramps Up Espionage Using MS Exchange Servers | APT34, also known as Earth Simnavaz, OilRig, MuddyWater, Crambus, Europium, Hazel Sandstorm, is a threat group associated with Iran's Ministry of Intelligence and Security (MOIS). | Oct. 17, 2024 |
| Iranian Cybercriminals Act as Brokers to Sell Access to Critical Infrastructure | Iranian cybercriminals are penetrating critical infrastructure organizations to accumulate credentials and network data, which they subsequently sell on cybercriminal platforms. | Oct. 16, 2024 |
| Rise in Zero-Day Exploits: A Growing Threat in 2023 | Google, in collaboration with Mandiant security analysts, has reported a concerning trend in 2023 where 70% of disclosed vulnerabilities that were actively exploited were zero-days. | Oct. 16, 2024 |
| Critical Vulnerability in Kubernetes Image Builder Allows Root SSH Access to VMs | A critical flaw has been identified in Kubernetes, an open-source platform used for automating the deployment, scaling, and operation of application containers. | Oct. 16, 2024 |
| North Korean Group ScarCruft Exploits Windows Zero-Day to Disseminate RokRAT Malware | ScarCruft, a North Korean threat actor, has been associated with exploiting a zero-day vulnerability in Windows to infect devices with RokRAT malware. | Oct. 16, 2024 |
| Sidewinder APT Group Expands Geographic Reach in Latest Cyberattack Spree | The Sidewinder APT group, known to be sponsored by India, has broadened its attack scope, targeting multiple entities across Asia, Africa, the Middle East, and Europe. | Oct. 16, 2024 |
| Critical Vulnerability in GitHub Enterprise Server Addressed | GitHub has rectified a critical vulnerability in its Enterprise Server that was capable of providing unauthorized access to the affected instances. | Oct. 16, 2024 |
| China Denounces U.S. Claims of Volt Typhoon Cyber Espionage, Alleges Fabrication | China's National Computer Virus Emergency Response Center (CVERC) has accused the U.S. and its allies of inventing the Volt Typhoon cyber threat to hide their own cyber espionage activities. | Oct. 15, 2024 |
| Nation-State Threat Actors Exploit Ivanti CSA Zero-Day Vulnerabilities | A trio of zero-day vulnerabilities in Ivanti's Cloud Service Appliance (CSA) has been leveraged by a highly skilled cyberattacker to breach a target network and carry out malicious activities. | Oct. 14, 2024 |
| CISA Updates Known Exploited Vulnerabilities Catalog with Ivanti CSA and Fortinet Products Bugs | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included new vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. | Oct. 14, 2024 |
| Iran's APT34 Intensifies Cyberattacks Exploiting Windows Flaw | Iran's state-sponsored hacking group, APT34, also known as OilRig, has been ramping up its cyberattacks against government and critical infrastructure entities in the United Arab Emirates and the Gulf region. | Oct. 13, 2024 |
| Russian APT29 Group Targets Zimbra and JetBrains TeamCity Servers | APT29, a cyber espionage group associated with Russia, is actively exploiting vulnerabilities in Zimbra and JetBrains TeamCity servers. | Oct. 13, 2024 |
Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2024-9486 (5) | A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled dur... | CRITICAL | | N/A |
| CVE-2024-9680 (4) | An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. | CRITICAL | Mozilla | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2024-28987 (6) | The SolarWinds Web Help Desk software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated u... | CRITICAL | SolarWinds | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2024-8963 (3) | Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | CRITICAL | Ivanti | CISA Known Exploited |
| CVE-2017-11882 (4) | Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microso... | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2024-8190 (4) | An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote au... | HIGH | Ivanti | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2024-9380 (3) | An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticat... | HIGH | Ivanti | CISA Known Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2024-30088 (7) | Windows Kernel Elevation of Privilege Vulnerability | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2024-9594 (5) | A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled dur... | MEDIUM | | N/A |
| CVE-2024-44133 (4) | This issue was addressed by removing the vulnerable code. | MEDIUM | Apple | Actively Exploited, Remote Code Execution |
CISA Known Exploited Vulnerabilities
CISA added four vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2024-9486
Severity: CRITICAL
CVSS: 9.80
EPSS Score: 0.04
EPSS Percentile: 16.43
Risk Context: N/A
Published: Oct. 15, 2024

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.
CVE-2024-9680
Severity: CRITICAL
CVSS: 9.80
EPSS Score: 1.64
EPSS Percentile: 87.90
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Oct. 9, 2024

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Vendor Impacted: Mozilla
Products Impacted: Firefox ESR, Firefox, Thunderbird
CVE-2024-28987
Severity: CRITICAL
CVSS: 9.10
EPSS Score: 96.02
EPSS Percentile: 99.53
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Aug. 21, 2024

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.

Vendor Impacted: SolarWinds
Product Impacted: Web Help Desk
CVE-2024-8963
Severity: CRITICAL
CVSS: 9.10
EPSS Score: 30.99
EPSS Percentile: 97.05
Risk Context: CISA Known Exploited
Published: Sept. 19, 2024

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

Vendor Impacted: Ivanti
Products Impacted: Cloud Services Appliance (CSA), Endpoint Manager Cloud Services Appliance
CVE-2017-11882
Severity: HIGH
CVSS: 7.80
EPSS Score: 97.44
EPSS Percentile: 99.96
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Nov. 15, 2017

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

Vendor Impacted: Microsoft
Product Impacted: Office
CVE-2024-8190
Severity: HIGH
CVSS: 7.20
EPSS Score: 15.12
EPSS Percentile: 95.95
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Sept. 10, 2024

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

Vendor Impacted: Ivanti
Product Impacted: Cloud Services Appliance
CVE-2024-9380
Severity: HIGH
CVSS: 7.20
EPSS Score: 4.64
EPSS Percentile: 92.76
Risk Context: CISA Known Exploited, Remote Code Execution, Public Exploits Available
Published: Oct. 8, 2024

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

Vendor Impacted: Ivanti
Products Impacted: Cloud Services Appliance (CSA), Endpoint Manager Cloud Services Appliance
CVE-2024-30088
Severity: HIGH
CVSS: 7.00
EPSS Score: 0.42
EPSS Percentile: 74.72
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: June 11, 2024

Windows Kernel Elevation of Privilege Vulnerability

Vendor Impacted: Microsoft
Products Impacted: Windows 10 22H2, Windows Server 2022, Windows Server 2019, Windows 10 21H2, Windows Server 2022 23H2, Windows Server 2016, Windows 10 1809, Windows 11 22H2, Windows 10 1607, Windows, Windows 11 23H2, Windows 11 21H2, Windows 10 1507
CVE-2024-9594
Severity: MEDIUM
CVSS: 6.30
EPSS Score: 0.04
EPSS Percentile: 16.43
Risk Context: N/A
Published: Oct. 15, 2024

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring.
CVE-2024-44133
Severity: MEDIUM
CVSS: 5.50
EPSS Score: 0.04
EPSS Percentile: 9.69
Risk Context: Actively Exploited, Remote Code Execution
Published: Sept. 17, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.

Vendor Impacted: Apple
Product Impacted: macOS