
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2024


Apache Airflow addresses CVE-2024-45784

Apache Airflow has been affected by a high-severity vulnerability that could expose sensitive configuration data, potentially compromising system security. The vulnerability, tracked as CVE-2024-45784 with a CVSS score of 7.5, stems from the platform’s failure to mask sensitive configuration values in task logs by default.

Once exploited, sensitive information such as API keys, database credentials, or other critical secrets can be exposed. If unauthorized users gain access to these logs, they could exploit this exposed data to compromise the entire Airflow deployment…


PSAUX Ransomware exploits CyberPanel Vulnerabilities

The PSAUX ransomware has been seen exploiting CyberPanel vulnerabilities that affect versions 2.3.6 and 2.3.7 and permit unauthenticated attackers to gain root access, enabling complete control over affected systems.

The vulnerabilities, tracked as CVE-2024-51567, CVE-2024-51568, and CVE-2024-51378, each with a CVSS v3.1 score of 10, are used to compromise servers and deploy PSAUX ransomware. These vulnerabilities allow unauthenticated remote root access…

NVIDIA affected by a Critical vulnerability CVE-2024-0138

NVIDIA has released a patch addressing a critical vulnerability in its Base Command Manager software that could pose significant risks, including the potential for remote code execution, denial of service, privilege escalation, information disclosure, and data tampering.

This flaw, tracked as CVE-2024-0138 with a CVSS score of 9.8, is located within the CMDaemon component and arises from a missing authentication mechanism (CWE-862)…


GitLab fixes High severity vulnerability CVE-2024-9693

GitLab has released patches to address a high-severity vulnerability that could grant unauthorized access to Kubernetes clusters.

The most serious vulnerability, tracked as CVE-2024-9693 with a CVSS score of 8.5, allows unauthorized access to the Kubernetes agent within a cluster under specific configurations…


PoC Exploit for Microsoft bug CVE-2024-38054 released

Security researcher ‘Frost’ has released proof-of-concept exploit code for a high-severity vulnerability in the Kernel Streaming WOW Thunk Service Driver that could enable local attackers to escalate privileges to SYSTEM level by exploiting a heap-based buffer overflow.

The vulnerability, tracked as CVE-2024-38054 with a CVSS score of 7.8, stems from a boundary error within the Kernel Streaming WOW Thunk Service Driver that triggers a heap-based buffer overflow and can be exploited to escalate privileges, potentially giving the attacker SYSTEM-level access…
