Vulnerability Report: September 2024

Rivanorth

Welcome to the monthly Vulnerability Report. In this report, we provide an overview of the most significant security vulnerabilities identified in the past month. Our focus is on vulnerabilities that are being actively exploited, which pose the biggest risk to you. Stay informed about the latest threats and take proactive steps to secure your systems against the latest attacks.

First things first, what is a CVE?

A CVE (Common Vulnerabilities and Exposures) entry is a standardised identifier for a known cybersecurity vulnerability. CVEs give everyone a common way to identify and catalogue security vulnerabilities, which helps organisations prioritise their vulnerability management efforts.

Why are CVEs important?

CVEs are publicly known vulnerabilities. Some of them, like the ones listed below, are currently being exploited. Making sure you have the correct patches installed ensures your systems are safe from these attacks.

Actively Exploited

The following vulnerabilities are being actively exploited.

  1. CVE-2024-38856 - Apache OFBiz, Affected Version: through 18.12.14 - Severity Rating: 9.8 (Critical)

  2. CVE-2024-28986 - SolarWinds Web Help Desk - Severity Rating: 9.8 (Critical)

  3. CVE-2024-7965 - Google Chrome V8, Affected Version: prior to 128.0.6613.84 - Severity Rating: 8.8 (High)

  4. CVE-2024-7971 - Google Chrome V8, Affected Version: prior to 128.0.6613.84 - Severity Rating: 8.8 (High)

  5. CVE-2024-38189 - Microsoft Project - Severity Rating: 8.8 (High)

  6. CVE-2024-38193 - Windows Ancillary Function Driver for WinSock, Affected Feature: WinSock - Severity Rating: 7.8 (High)

  7. CVE-2024-38107 - Windows Power Dependency Coordinator, Affected Feature: Power Dependency Coordinator - Severity Rating: 7.8 (High)

  8. CVE-2024-38178 - Windows Scripting Engine, Affected Feature: Scripting Engine - Severity Rating: 7.5 (High)

  9. CVE-2024-39717 - Versa Director GUI, Affected Version: Only for users with Provider-Data-Centre-Admin or Provider-Data-Centre-System-Admin roles - Severity Rating: 7.2 (High)

  10. CVE-2024-38106 - Windows Kernel, Affected Feature: Kernel - Severity Rating: 7.0 (High)

  11. CVE-2024-38213 - Windows Mark of the Web Security, Affected Feature: Mark of the Web Security - Severity Rating: 6.5 (Medium)

What To Do

If you are currently running any of the software listed above, make sure you install the latest version to stay secure.


As a leading cybersecurity company, we are at the forefront of security research, constantly monitoring for emerging threats. With best-in-class security expertise, we are able to help you secure your assets to the highest levels.

Visit rivanorth.com to find out more.

You build the future. We help you secure it.
