Customer portal
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 17 June 2024

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2024-3079

Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device.

https://nvd.nist.gov/vuln/detail/CVE-2024-3079

 


 

2. CVE-2024-3080

Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device.

https://nvd.nist.gov/vuln/detail/CVE-2024-3080

 


 

3. CVE-2024-3912

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.

https://nvd.nist.gov/vuln/detail/CVE-2024-3912

 


 

4. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 


 

5. CVE-2024-26169

Windows Error Reporting Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-26169

 


 

6. CVE-2024-21893

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

https://nvd.nist.gov/vuln/detail/CVE-2024-21893

 


 

7. CVE-2023-4911

A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

https://nvd.nist.gov/vuln/detail/CVE-2023-4911

 


 

8. CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

https://nvd.nist.gov/vuln/detail/CVE-2023-7101

 


 

9. CVE-2024-30103

Microsoft Outlook Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-30103

 


 

10. CVE-2024-29745

there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

https://nvd.nist.gov/vuln/detail/CVE-2024-29745

 


Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound