Customer portal
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 01 April 2024

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

https://nvd.nist.gov/vuln/detail/CVE-2024-3094

 


 

2. CVE-2024-21338

Windows Kernel Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-21338

 


 

3. CVE-2021-41773

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

https://nvd.nist.gov/vuln/detail/CVE-2021-41773

 


 

4. CVE-2023-36584

Windows Mark of the Web Security Feature Bypass Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-36584

 


 

5. CVE-2023-6549

Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service

https://nvd.nist.gov/vuln/detail/CVE-2023-6549

 


 

6. CVE-2024-26246

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-26246

 


 

7. CVE-2024-0519

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2024-0519

 


 

8. CVE-2024-26163

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-26163

 


 

9. CVE-2024-26247

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-26247

 


 

10. CVE-2024-26167

Microsoft Edge for Android Spoofing Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-26167

 


Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound