/
/
Weekly Threat & Vulnerabilities Report

Weekly Threat & Vulnerabilities Report

Report
May 17, 2024
Profile Icon

Jason Franscisco

CVE-2024-30051
arrow pointing top right
Privilege Escalation
CISA-KEV
OSS
Zero Day
High
Affected Product
Windows DWM Core Library
CVSS Score
8.8
EPSS Score
0.00141
CVE-2024-30040
arrow pointing top right
Security Feature Bypass
CISA-KEV
OSS
Zero Day
High
Affected Product
Windows MSHTML Platform
CVSS Score
8.8
EPSS Score
0.00806
CVE-2024-4947
arrow pointing top right
Type Confusion
CISA-KEV
OSS
Zero Day
High
Affected Product
Google Chrome
Exploited-in-Wild
CVSS Score
8.8
EPSS Score
0.00229
Exploit Activity and Mass Scanning Observed on Cytellite Sensors
Telemetry collected from Loginsoft sensors were analyzed and processed to derive insights on what is actively being exploited and actively being scanned.  As source of truth, source IPv4 addresses & payloads can be provided on need-to-know basis.
CVE-2024-3273
arrow pointing top right
CISA-KEV
High

Command Injection vulnerability in D-Link DNS-320L,DNS-325, DNS-327L and DNS-340L up to 20240403

Affected Products
D-Link DNS devices
Exploited-in-Wild
CVE-2023-4966
arrow pointing top right
CISA-KEV
High

Sensitive information disclosure  vulnerability in NetScaler ADC and NetScaler Gateway

Affected Products
Citrix Netscaler
Exploited-in-Wild
CVE-2023-38646
arrow pointing top right
CISA-KEV
Critical

Remote code  execution vulnerability in Metabase open source before 0.46.6.1 and Metabase  Enterprise before 1.46.6.1.

Affected Products
Metabase open source/enterprise
CVE-2023-31192
arrow pointing top right
CISA-KEV
Medium

Information Disclosure vulnerability in the ClientConnect() functionality of SoftEther VPN .

Affected Products
SoftEther VPN
Exploited-in-Wild

False

CVE-2023-33010
arrow pointing top right
CISA-KEV
Critical

Buffer overflow vulnerability found in the ID processing function within Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1 and USG FLEX series devices.

Affected Products
Zyxel ATP series firmware
Exploited-in-Wild
CVE-2023-23752
arrow pointing top right
CISA-KEV
Medium

Improper Access Control Vulnerability in Joomla!

Affected Products
Joomla
Exploited-in-Wild
CVE-2022-30023
arrow pointing top right
CISA-KEV
High

Command injection vulnerability via the Ping function in Tenda Products.

Affected Products
Tenda Devices
Exploited-in-Wild
CVE-2023-1389
arrow pointing top right
CISA-KEV
High

Command Injection Vulnerability in TP-Link Archer AX-21.

Affected Products
TP-Link Archer AX-21
Exploited-in-Wild
CVE-2023-26801
arrow pointing top right
CISA-KEV
Critical

Command injection vulnerability in LB-LINK devices.

Affected Products
LB-LINK
Exploited-in-Wild
Vulnerabilities abused by Botnet
Identified vulnerabilities exploited by Botnets, including recent CVEs logged in Malware Information Sharing Platform (MISP). Presenting the top 5 CVEs with payloads suggestive of Botnet activities, like utilizing wget with IP addresses.

Command injection vulnerability affecting LB-LINK routers.

Affected Product
LB-LINK Devices
Abused by Botnet

Command Injection Vulnerability in TP-Link Archer AX-21.

Affected Product
TP-Link Archer AX-21

Remote code execution vulnerability in Huawei HG532 router

Affected Product
Huawei HG532
Abused by Botnet

Improper protocol access control vulnerability in Eir D1000 modem .

Vulnerabilities Abused by Malware
We proactively monitor the vulnerabilities which are targeted by adversaries. Each vulnerability is humanly studied and mapped with Mitre ATT&CK tactics and techniques. Source of information is derived from our vulnerability intelligence platform collected and curated information from various sources such as Twitter, Telegram, OSINT groups, Blogs, Data leak sites and more.

Elevation of Privilege (EoP)  vulnerability in the Desktop Window Manager (DWM) Core Library of Microsoft Windows.

PRE-NVD observed for this week
It refers to vulnerabilities discovered and potentially exploited before their official inclusion in the National Vulnerability Database. The LOVI Platform aggregates and distributes data from open sources and social media, currently tracking over 100 security alerts and planning to expand.
CVE-2024-30420
arrow pointing top right
Server-side request forgery
Affected Product
a-blog cms Versions earlier than Ver.3.1.12
CVE-2024-30658
arrow pointing top right
Denial-of-Service
Affected Product
ROS Melodic Morenia (ROS_VERSION=1 and ROS_PYTHON_VERSION=3)
CVE-2024-30419
arrow pointing top right
Stored cross-site scripting
Affected Product
a-blog cms Versions earlier than Ver.3.1.12
CVE-2024-30420
arrow pointing top right
Server-side request forgery
Affected Product
a-blog cms Versions earlier than Ver.3.1.12
CVE-2024-2046
arrow pointing top right
Arbitrary local file reading
Affected Product
Telegram Version 10.8.2
CVE-2024-28880
arrow pointing top right
Path Traversal
Affected Product
S-Mind LLC
Reference

Sign up to our Newsletter