Snapshot
Sept. 7, 2024 - Sept. 13, 2024
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added |
---|---|---|---|---|
CVE-2024-43491 | Microsoft Windows Update contains a use-after-free vulnerability that allows for remote code execution. | CRITICAL | Microsoft | Sept. 10, 2024 |
CVE-2024-38014 | Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges. | HIGH | Microsoft | Sept. 10, 2024 |
CVE-2024-38226 | Microsoft Publisher contains a protection mechanism failure vulnerability that allows an attacker to bypass Office macro policies used to block untrusted or malicious files. | HIGH | Microsoft | Sept. 10, 2024 |
CVE-2024-38217 | Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. | MEDIUM | Microsoft | Sept. 10, 2024 |
CVE-2024-40766 | SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. | CRITICAL | SonicWall | Sept. 9, 2024 |
CVE-2016-3714 | ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image. | HIGH | ImageMagick | Sept. 9, 2024 |
CVE-2017-1000253 | Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_binary() that allows a local attacker to escalate privileges. | HIGH | Linux | Sept. 9, 2024 |
Newswires

Headline | Summary | Date |
---|---|---|
Critical Security Flaw Found in GitLab Pipeline Execution: Immediate Updates Released | GitLab has rolled out critical updates to counteract multiple vulnerabilities, with the most severe one being CVE-2024-6678, which enables an attacker to initiate pipelines as arbitrary users under certain circumstances. | Sept. 12, 2024 |
Cybercriminals Target Selenium Grid Servers for Proxyjacking and Cryptomining | Cybercriminals are infecting exposed Selenium Grid servers with the aim of exploiting the victims' Internet bandwidth for cryptomining, proxyjacking, and potentially other malicious activities. | Sept. 12, 2024 |
Urgent Update Required: Adobe Patches Acrobat Reader Zero-Day Vulnerability | A cybersecurity expert is encouraging users to update Adobe Acrobat Reader following the release of a patch for a remote code execution zero-day vulnerability, for which a public proof-of-concept (PoC) exploit exists. | Sept. 11, 2024 |
Taiwanese Drone Makers Targeted by 'WordDrone' Attack Exploiting Old MS Word Flaw | The Acronis Threat Research Unit has unveiled a recent wave of cyber-attacks on Taiwanese drone manufacturers, which they've termed 'WordDrone'. | Sept. 11, 2024 |
Ivanti Addresses Critical RCE Vulnerability in Endpoint Management Software | Ivanti has successfully patched a critical vulnerability in its Endpoint Management software (EPM), which could have allowed unauthenticated attackers to remotely execute code on the core server. | Sept. 10, 2024 |
Microsoft Rectifies Zero-Day Flaw in Windows Smart App Control Exploited Since 2018 | Microsoft has resolved a security flaw in its Windows Smart App Control and SmartScreen that has been exploited as a zero-day since at least 2018. | Sept. 10, 2024 |
Microsoft's September 2024 Patch Tuesday Addresses 79 Security Flaws Including 4 Zero-days | Microsoft's September 2024 Patch Tuesday saw the company release security updates for 79 flaws, among them four zero-days that are currently being exploited and one that has been disclosed to the public. | Sept. 10, 2024 |
NoName Ransomware Gang Expands Tactics, Now Deploying RansomHub Malware | The NoName ransomware gang, also known as CosmicBeetle, has been making a name for itself over the past three years by targeting small and medium-sized businesses worldwide. | Sept. 10, 2024 |
CISA Adds SonicWall SonicOS, ImageMagick, and Linux Kernel Bugs to Its Known Exploited Vulnerabilities Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included SonicWall SonicOS, ImageMagick, and Linux Kernel vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. | Sept. 10, 2024 |
Akira Ransomware Group Exploits SonicWall Vulnerability for Remote Code Execution | Threat actors, including Akira ransomware affiliates, have started exploiting a critical remote code execution (RCE) vulnerability that SonicWall disclosed and patched in its Gen 5, Gen 6, and some versions of its Gen 7 firewall products last month. | Sept. 9, 2024 |
Chinese APT Group Mustang Panda Exploits Visual Studio Code in Southeast Asian Cyberattacks | Mustang Panda, a China-linked advanced persistent threat (APT) group, has been found to be using Visual Studio Code software in its cyberattacks against government entities in Southeast Asia. | Sept. 9, 2024 |
Critical 10/10 Severity RCE Vulnerability Identified in Progress LoadMaster | Progress Software has urgently addressed a critical vulnerability, rated 10/10 in severity, that affects its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products. | Sept. 8, 2024 |
Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context |
---|---|---|---|---|
CVE-2024-7591 (4) | Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects: * LoadMaster:... | CRITICAL | | Actively Exploited, Remote Code Execution |
CVE-2024-43491 (11) | Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Op... | CRITICAL | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution |
CVE-2024-40766 (7) | An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading ... | CRITICAL | SonicWall | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware |
CVE-2024-29847 (4) | Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a re... | CRITICAL | Ivanti | Remote Code Execution, Public Exploits Available |
CVE-2024-38018 (4) | Microsoft SharePoint Server Remote Code Execution Vulnerability | HIGH | | Remote Code Execution |
CVE-2024-38014 (9) | Windows Installer Elevation of Privilege Vulnerability | HIGH | Microsoft | CISA Known Exploited, Remote Code Execution |
CVE-2024-41869 (5) | Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free v... | HIGH | | Remote Code Execution |
CVE-2023-27532 (5) | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be... | HIGH | Veeam | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2024-38226 (8) | Microsoft Publisher Security Feature Bypass Vulnerability | HIGH | Microsoft | CISA Known Exploited |
CVE-2024-38217 (11) | Windows Mark of the Web Security Feature Bypass Vulnerability | MEDIUM | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution |

CISA Known Exploited Vulnerabilities
CISA added seven vulnerabilities to the known exploited vulnerabilities list.
ImageMagick — ImageMagick |
CVE-2016-3714 / Added: Sept. 9, 2024 |
HIGH CVSS 8.40 EPSS Score 97.36 EPSS Percentile 99.92 |
ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image. |
Linux — Kernel |
CVE-2017-1000253 / Added: Sept. 9, 2024 |
HIGH CVSS 7.80 EPSS Score 6.30 EPSS Percentile 93.78 |
Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_binary() that allows a local attacker to escalate privileges. |
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2024-7591 |
CRITICAL CVSS 10.00 EPSS Score 0.04 EPSS Percentile 9.58 |
Actively Exploited Remote Code Execution |
Published: Sept. 5, 2024 |
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above |
CVE-2024-43491 |
CRITICAL CVSS 9.80 EPSS Score 2.32 EPSS Percentile 89.97 |
CISA Known Exploited Actively Exploited Remote Code Execution |
Published: Sept. 10, 2024 |
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support. |
Vendor Impacted: Microsoft |
Products Impacted: Windows, Windows 10 1507 |
CVE-2024-40766 |
CRITICAL CVSS 9.80 EPSS Score 1.02 EPSS Percentile 84.13 |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware |
Published: Aug. 23, 2024 |
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. |
Vendor Impacted: SonicWall |
Products Impacted: Nssp 13700, Soho 250, Nsa 6700, Tz 300p, Tz670, Sm 9400, Tz 600, Tz 500, Nsa 4600, Tz 400, Nssp 12800, Sohow, Nsa 2650, Sonicos, Nssp 12400, Soho 250w, Tz 600p, Nsa 4700, Soho, Nsa 3700, Sm9800, Tz 400w, Tz270, Tz470, Nsa 5600, Tz 350w, Sm 9450, Tz270w, Nsa 3650, Sm 9250, Nsa 3600, Tz370w, Tz570p, Nsa 4650, Tz 500w, Sm 9650, Tz 350, Tz470w, Nssp 10700, Sm 9600, Tz 300w, Nsa 2700, Tz370, Tz 300, Nsa 5650, Tz570w, Tz570, Nssp 11700, Sm 9200, Nsa 5700, Nsa 6650, Nsa 6600 |
CVE-2024-29847 |
CRITICAL CVSS 9.80 EPSS Score 0.07 EPSS Percentile 31.65 |
Remote Code Execution Public Exploits Available |
Published: Sept. 12, 2024 |
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. |
Vendor Impacted: Ivanti |
Product Impacted: Endpoint Manager |
CVE-2024-38018 |
HIGH CVSS 8.80 EPSS Score 0.05 EPSS Percentile 20.01 |
Remote Code Execution |
Published: Sept. 10, 2024 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2024-38014 |
HIGH CVSS 7.80 EPSS Score 0.06 EPSS Percentile 23.61 |
CISA Known Exploited Remote Code Execution |
Published: Sept. 10, 2024 |
Windows Installer Elevation of Privilege Vulnerability |
Vendor Impacted: Microsoft |
Products Impacted: Windows Server 2016, Windows Server 2008, Windows 11 21h2, Windows 11 24h2, Windows 11 23h2, Windows Server 2022, Windows 11 22h2, Windows Server 2012, Windows 10 1507, Windows 10 22h2, Windows 10 1607, Windows Server 2022 23h2, Windows Server 2019, Windows 10 1809, Windows 10 21h2, Windows |
CVE-2024-41869 |
HIGH CVSS 7.80 |
Remote Code Execution |
Published: Sept. 13, 2024 |
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
CVE-2023-27532 |
HIGH CVSS 7.50 EPSS Score 3.08 EPSS Percentile 91.23 |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
Published: March 10, 2023 |
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. |
Vendor Impacted: Veeam |
Products Impacted: Veeam Backup & Replication, Backup & Replication |
CVE-2024-38226 |
HIGH CVSS 7.30 EPSS Score 0.05 EPSS Percentile 20.77 |
CISA Known Exploited |
Published: Sept. 10, 2024 |
Microsoft Publisher Security Feature Bypass Vulnerability |
Vendor Impacted: Microsoft |
Products Impacted: Publisher, Office |
CVE-2024-38217 |
MEDIUM CVSS 5.40 EPSS Score 0.27 EPSS Percentile 68.27 |
CISA Known Exploited Actively Exploited Remote Code Execution |
Published: Sept. 10, 2024 |
Windows Mark of the Web Security Feature Bypass Vulnerability |
Vendor Impacted: Microsoft |
Products Impacted: Windows Server 2016, Windows Server 2008, Windows 11 21h2, Windows 11 24h2, Windows 11 23h2, Windows Server 2022, Windows 11 22h2, Windows Server 2012, Windows 10 1507, Windows 10 22h2, Windows 10 1607, Windows Server 2022 23h2, Windows Server 2019, Windows 10 1809, Windows 10 21h2, Windows |