Security News > 2024 > July > CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
2024-07-24 05:56
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) - Twilio Authy Information Disclosure
News URL
https://thehackernews.com/2024/07/cisa-adds-twilio-authy-and-ie-flaws-to.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-02 | CVE-2024-39891 | Information Exposure Through Discrepancy vulnerability in Twilio Authy and Authy Authenticator In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. | 5.3 |
| 2012-12-30 | CVE-2012-4792 | Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7/8 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. | 0.0 |