Jan 11, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-48620 uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

  • CVSS 9.8

New critical Troglobit Libeuv Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-21591 Juniper Junos RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Juniper Junos RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-23057 Totolink A3300r Firmware Command Injection

  • CVSS 9.8

New critical Totolink A3300r Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2016-20021 CVSS 9.8

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig fil...

CVE-2022-48620 CVSS 9.8

uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

CVE-2023-51350 CVSS 9.8

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted scri...

CVE-2024-21591 CVSS 9.8

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network...

CVE-2024-22199 CVSS 9.3

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface.

CVE-2024-23057 CVSS 9.8

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg...

CVE-2024-23058 CVSS 9.8

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr06...

CVE-2024-23059 CVSS 9.8

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the set...

CVE-2024-23060 CVSS 9.8

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg...

CVE-2024-23061 CVSS 9.8

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setSc...

View critical disclosures

cvelogic Threat Intelligence