Weekly Threat & Vulnerabilities Report

Report
July 12, 2024
CVE-2024-38080
Privilege Escalation
Tags: CISA-KEV, OSS, Zero Day
Severity: High
Affected Product: Windows Hyper-V
CVSS Score: 7.8
EPSS Score: 0.00051

CVE-2024-23692
Template Injection
Tags: CISA-KEV, OSS, Zero Day
Severity: Critical
Affected Product: Rejetto HTTP File Server
CVSS Score: 9.8
EPSS Score: 0.95432

CVE-2024-38112
Spoofing vulnerability
Tags: CISA-KEV, OSS, Zero Day
Severity: High
Affected Product: Microsoft Windows MSHTML Platform
CVSS Score: 8.1
EPSS Score: 0.01649

CVE-2024-29510
Format String vulnerability
Tags: CISA-KEV, OSS, Zero Day, Exploited-in-Wild
Severity: Medium
Affected Product: Artifex Ghostscript
CVSS Score: 6.3
EPSS Score: 0.00129

CVE-2024-5441
Arbitrary File Upload
Tags: CISA-KEV, OSS, Zero Day
Severity: High
Affected Product: Modern Events Calendar plugin
CVSS Score: 8.8
EPSS Score: 0.0005
Exploit Activity and Mass Scanning Observed on Cytellite Sensors
Telemetry collected from Loginsoft sensors was analyzed and processed to derive insights into what is actively being exploited and actively being scanned. As the source of truth, source IPv4 addresses and payloads can be provided on a need-to-know basis.
CVE-2023-49103
Tags: CISA-KEV
Severity: Critical
Information Disclosure vulnerability in ownCloud graphapi.
Affected Products: ownCloud graphapi
Exploited-in-Wild

CVE-2023-22527
Tags: CISA-KEV
Severity: Critical
Template injection vulnerability in out-of-date versions of Confluence Data Center and Server leads to remote code execution.
Affected Products: Confluence Data Center and Server

CVE-2023-38646
Tags: CISA-KEV
Severity: Critical
Remote code execution vulnerability in Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1.
Affected Products: Metabase open source/Enterprise

CVE-2023-33010
Tags: CISA-KEV
Severity: Critical
Buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions leads to denial of service or remote code execution on the affected device.
Affected Products: Zyxel ATP series firmware
Exploited-in-Wild

CVE-2023-26801
Tags: CISA-KEV
Severity: Critical
Command injection vulnerability in LB-LINK devices.
Affected Products: LB-LINK
Exploited-in-Wild

CVE-2023-1389
Tags: CISA-KEV
Severity: High
Command Injection vulnerability in TP-Link Archer AX-21.
Affected Products: TP-Link Archer AX-21
Exploited-in-Wild

CVE-2022-41040
Tags: CISA-KEV
Severity: High
Server-Side Request Forgery vulnerability in Microsoft Exchange Server.
Affected Products: Microsoft Exchange Server
Exploited-in-Wild

CVE-2022-34045
Tags: CISA-KEV
Severity: Critical
Hardcoded encryption/decryption key vulnerability in Wavlink.
Affected Products: Wavlink Devices
Exploited-in-Wild
False

CVE-2022-30489
Tags: CISA-KEV
Severity: Medium
Cross-site scripting vulnerability in Wavlink devices.
Affected Products: Wavlink Devices
Exploited-in-Wild
False

CVE-2022-30023
Tags: CISA-KEV
Severity: High
Command injection vulnerability via the Ping function in Tenda products.
Affected Products: Tenda Devices
Exploited-in-Wild
False
Vulnerabilities abused by Botnet
Identified vulnerabilities exploited by botnets, including recent CVEs logged in the Malware Information Sharing Platform (MISP). Presented below are the top 5 CVEs with payloads suggestive of botnet activity, such as using wget with IP addresses.

An unauthenticated command injection vulnerability found in the TP-Link Archer AX21 WiFi router.

Command injection vulnerability in LB-LINK BL-AC1900_2.0 1.0.1, BL-WR9000 2.4.9, BL-X26 1.2.5 and BL-LTE300 1.0.8.

Path traversal vulnerability in Apache HTTP Server.
Affected Product: Apache HTTP Server
Abused by Botnet

Remote code execution vulnerability in Huawei HG532 router.
Affected Product: Huawei HG532
Abused by Botnet

Arbitrary PHP code execution vulnerability in Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3.

Vulnerabilities Abused by Malware
We proactively monitor the vulnerabilities that are targeted by adversaries. Each vulnerability is manually studied and mapped to MITRE ATT&CK tactics and techniques. The information is derived from our vulnerability intelligence platform, which collects and curates data from various sources such as Twitter, Telegram, OSINT groups, blogs, data leak sites and more.

Security Feature Bypass vulnerability in Microsoft Internet Shortcut Files.

Missing authentication vulnerability in the Veeam Backup & Replication component.

PRE-NVD observed for this week
This refers to vulnerabilities discovered and potentially exploited before their official inclusion in the National Vulnerability Database. The LOVI Platform aggregates and distributes data from open sources and social media, currently tracking over 100 security alerts, with plans to expand.
CVE-2024-23967
Stack-based Buffer Overflow
Affected Product: Autel MaxiCharger AC Elite Business C50

CVE-2024-23960
Improper Verification of Cryptographic Signature
Affected Product: Alpine Halo9

CVE-2024-23963
Stack-based Buffer Overflow
Affected Product: Alpine Halo9

CVE-2024-5719
Remote Code Execution
Affected Product: Logsign Unified SecOps Platform

CVE-2023-39180
Denial-of-Service
Affected Product: Linux kernel

CVE-2023-39176
Out-Of-Bounds Read
Affected Product: Linux kernel