Customer portal
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 29 April 2024

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2024-29986

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-29986

 


 

2. CVE-2024-29981

Microsoft Edge (Chromium-based) Spoofing Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-29981

 


 

3. CVE-2024-29991

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-29991

 


 

4. CVE-2024-29987

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-29987

 


 

5. CVE-2024-29049

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-29049

 


 

6. CVE-2020-13699

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: –play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.

https://nvd.nist.gov/vuln/detail/CVE-2020-13699

 


 

7. CVE-2024-21412

Internet Shortcut Files Security Feature Bypass Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-21412

 


 

8. CVE-2022-38028

Windows Print Spooler Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2022-38028

 


 

9. CVE-2024-0519

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2024-0519

 


 

10. CVE-2023-1671

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

https://nvd.nist.gov/vuln/detail/CVE-2023-1671

 


Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound