
Welcome to TheCyberThrone's cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, July 27, 2024.
Google Chrome 127 Released
Google has rolled out the latest version of its Chrome browser, Chrome 127. This release brings a host of improvements, prominently featuring 24 security-related fixes. Available for Windows, macOS, and Linux, the new update promises enhanced functionality and addresses several critical issues….
High severity vulnerabilities addressed are:
- CVE-2024-6988: A “use after free” vulnerability in the browser’s Downloads component.
- CVE-2024-6989: Another “use after free” vulnerability, this time in the Loader component.
- CVE-2024-6991: A third “use after free” vulnerability, affecting the Dawn component.
- CVE-2024-6992: An out-of-bounds memory access issue in the ANGLE graphics library.
- CVE-2024-6993: An inappropriate implementation vulnerability in the Canvas component.
Oracle Fixes Critical WebLogic Server Vulnerability - CVE-2024-21181
Oracle has released a patch for a critical vulnerability in its WebLogic Server product that could lead to a complete takeover of the server. The flaw is easily exploitable and does not require any authentication, making it an attractive target for attackers.
The vulnerability, tracked as CVE-2024-21181 with a CVSS score of 9.8, allows attackers with network access to compromise the Oracle WebLogic Server via the T3 and IIOP protocols. Successful exploitation could grant them full control over the server, potentially exposing sensitive data, disrupting operations, or even using the compromised server as a launching pad for further attacks……
Progress fixes Critical Vulnerability in Telerik - CVE-2024-6327
Progress Software has fixed two vulnerabilities in its Telerik reporting tools that could lead to full system compromise and allow attackers to remotely execute code or inject malicious objects into affected systems.
The first vulnerability tracked as CVE-2024-6327 with a CVSSv3.1 base score of 9.9, resides in Telerik Report Server, a popular solution for managing business reports. An attacker could exploit this flaw by sending specially crafted data to the server, triggering the deserialization of untrusted input. Successful exploitation could give the attacker the same level of control over the server as the application itself……
Docker fixes Critical Vulnerability - CVE-2024-41110
Docker has released an urgent security advisory with fixes for a critical vulnerability in certain versions of Docker Engine that allows attackers to bypass authorization plugins.
The vulnerability, tracked as CVE-2024-41110 with a CVSS score of 10, was initially detected and fixed in 2018, but a January 2019 patch was not carried forward to later major versions, resulting in a regression……
SIEMENS Fixes Several Vulnerabilities in SICAM Products
Siemens has released a critical security advisory for vulnerabilities in its SICAM products that could lead to unauthorized access and data leaks. The affected products include the SICAM A8000 RTUs, SICAM EGS, and the SICAM 8 Power automation platform.
The first vulnerability, tracked as CVE-2024-37998 with a CVSS score of 9.3, allows attackers to reset administrative passwords without knowing the current one, potentially granting them full control over the affected devices……
This brings us to the end of this week in review security coverage. Thanks for visiting TheCyberThrone.


