This weekly blog post is produced via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process, some errors may creep in.
If you are feeling generous, please do make us aware of anything you spot. Feel free to follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2024-29986
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2024-29986
2. CVE-2024-29981
Microsoft Edge (Chromium-based) Spoofing Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2024-29981
3. CVE-2024-29991
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2024-29991
4. CVE-2024-29987
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2024-29987
5. CVE-2024-29049
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2024-29049
6. CVE-2020-13699
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
https://nvd.nist.gov/vuln/detail/CVE-2020-13699
7. CVE-2024-21412
Internet Shortcut Files Security Feature Bypass Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2024-21412
8. CVE-2022-38028
Windows Print Spooler Elevation of Privilege Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-38028
9. CVE-2024-0519
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
https://nvd.nist.gov/vuln/detail/CVE-2024-0519
10. CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
https://nvd.nist.gov/vuln/detail/CVE-2023-1671