
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the weeks ending Saturday, October 5 and 12, 2024.
GitHub fixes Critical Vulnerability CVE-2024-9487
GitHub has released security updates to address two vulnerabilities in GitHub Enterprise Server, one of which could allow attackers to bypass authentication and gain unauthorized access.
The critical vulnerability, tracked as CVE-2024-9487 with a CVSS score of 9.5, resides in the platform’s SAML SSO authentication mechanism. An improper verification of cryptographic signature vulnerability was identified in GitHub…
SolarWinds fixes Critical Vulnerability CVE-2024-28988 in WHD Product
SolarWinds has issued a patch addressing a severe vulnerability in its Web Help Desk (WHD) platform. If exploited, it could allow remote attackers to execute arbitrary commands on the host system.
The vulnerability, tracked as CVE-2024-28988 with a CVSS score of 9.8, stems from a Java deserialization issue, which exposes the Web Help Desk software to remote code execution attacks. According to SolarWinds, this flaw could allow an unauthenticated attacker to run malicious commands on the system hosting the Web Help Desk, giving them near-unrestricted access…
Spring framework fixes a High severity vulnerability CVE-2024-38819
A new path traversal vulnerability has been identified in Spring Framework that poses a significant risk to applications serving static resources via the WebMvc.fn or WebFlux.fn functional web frameworks.
The vulnerability, tracked as CVE-2024-38819 with a CVSS score of 7.5, arises when static resources are served through Spring's functional web frameworks, WebMvc.fn and WebFlux.fn. By crafting malicious HTTP requests, attackers can exploit this vulnerability to access any file on the file system that is readable by the process running the Spring application…
Apache Avro vulnerability CVE-2024-47561
The Apache Avro project has released a patch for a vulnerability tracked as CVE-2024-47561 that impacts all versions of the software prior to 1.11.4.
Apache Avro is a data serialization framework developed as part of the Apache Hadoop project. It provides a compact, fast, and efficient way to serialize structured data, which makes it particularly useful for applications involving big data, streaming, or distributed systems…
Kubernetes fixes Critical Vulnerability CVE-2024-9486
The Kubernetes Security Response Committee has disclosed two security vulnerabilities in the Kubernetes Image Builder that could allow attackers to gain root access to virtual machines. The vulnerabilities stem from the use of default credentials during the image build process.
The critical vulnerability, CVE-2024-9486, with a CVSS score of 9.8, specifically impacts images built with the Proxmox provider. Virtual machine images built using the Proxmox provider do not disable these default credentials, so nodes running the resulting images may be accessible via them. This means attackers could use these credentials to gain complete control of the affected VMs…
CISA added Veeam Backup CVE-2024-40711 to its KEV Catalog
The US CISA has added a Veeam Backup flaw to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
This brings this week in review security coverage to an end. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.

