Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, June 08, 2024
Apache Wicket Fixes Critical Vulnerability CVE-2024-36522
The Apache Wicket Project Management Committee (PMC) has released security to address a critical remote code execution vulnerability, stemmed from a potential XSLT injection attack, enabling malicious actors to execute arbitrary code on affected systems.
The vulnerability, tracked as CVE-2024-36522, could have allowed attackers to gain control over vulnerable web applications and potentially compromise sensitive data. By injecting malicious XSLT code, attackers could exploit the framework’s functionality to execute harmful commands on the server-side……
Zyxel fixes Critical vulnerabilities in its NAS Devices
Zyxel has released critical security patches for vulnerabilities in two of its Network Attached Storage (NAS) devices, NAS326 and NAS542 that could allow attackers to execute code remotely and compromise system security.
- CVE-2024-29972, CVE-2024-29973 (the CVSS score of both vulnerabilities are 9.8):Command injection vulnerabilities allowing unauthenticated attackers to execute OS commands on the devices.
- CVE-2024-29974 (the CVSS score is 9.8): Remote code execution vulnerability enabling attackers to run arbitrary code on the devices.
- CVE-2024-29975 (the CVSS score is 6.7): Improper privilege management flaw allowing local attackers to gain root privileges.
- CVE-2024-29976 (the CVSS score is 6.5): Improper privilege management issue leading to information leakage……..
Apache OFBiz Patches CVE-2024-36104
The Apache Software Foundation has issued a critical security patch to address a vulnerability in Apache OFBiz, that could allow remote attackers to execute arbitrary code on affected systems, potentially leading to full system compromise.
The vulnerability tracked as CVE-2024-36104 is a path traversal vulnerability that allows attackers to access restricted directories and files on an OFBiz server. By manipulating file paths, malicious actors can execute commands, upload malicious files, or steal sensitive data…..
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
Critical RCE Flaw in PHP Patch it – CVE-2024-4577
A critical remote code execution vulnerability in the PHP programming language by the researchers from the firm DEVCORE, the vulnerability could potentially allow unauthenticated attackers to take full control of affected PHP servers.
The vulnerability tracked as CVE-2024-4577 and the issue lies in the oversight of the Best-Fit feature of encoding conversion within the Windows operating system during PHP implementation. This oversight allows attackers to bypass protections implemented for a previous vulnerability, CVE-2012-1823, through specific character sequences. As a result, arbitrary code can be executed on remote PHP servers via an argument injection attack, enabling unauthorized access and control…..
SolarWinds Patches Several Vulnerabilities June 2024
SolarWinds patches several high-severity vulnerabilities in Serv-U and the SolarWinds Platform. The vulnerabilities affect Platform 2024.1 SR 1 and previous versions.
The first vulnerability tracked as CVE-2024-28996 with a CVSS score of 7.5 is a read-only subset of SQL, SWQL, which allows users to query the database for network information.SolarWinds rolled out a hotfix for CVE-2024-28995, a high-severity directory transversal vulnerability in Serv-U that could allow attackers to read sensitive files on the host machine….
This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram
