TheCyberThrone Security Weekly Review – January 11, 2025
Posted inSecurity NewsLetter

TheCyberThrone Security Weekly Review – January 11, 2025

1

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 11, 2025.

Redis was affected by CVE-2024-51741 and CVE-2024-46981

CVE-2024-51741

Description:
This vulnerability affects Redis, an open-source in-memory data structure store used as a database, cache, and message broker. The issue arises when an authenticated user with sufficient privileges creates a malformed Access Control List (ACL) selector. When this malformed selector is accessed, it causes the Redis server to panic and crash, leading to a denial of service (DoS).

CVE-2024-46981

Description:
This vulnerability also affects Redis. It involves the misuse of the Lua scripting functionality within Redis. An authenticated user can craft a specific Lua script that manipulates the garbage collector in a way that could lead to remote code execution (RCE). This allows an attacker to execute arbitrary code on the server, potentially leading to full system compromise…..

Advertisements

CVE-2024-12108: Progress WhatsUp Gold Vulnerability

CVE-2024-12108 with a CVSS score of 9.6 is a critical security vulnerability affecting WhatsUp Gold, a network monitoring software developed by Progress Software Corporation.

Affected Versions

  • The vulnerability affects all versions of WhatsUp Gold released before version 2024.0.2…..

CVE-2024-43405 Vulnerability in Nuclei

CVE-2024-43405 is a high severity vulnerability identified in Nuclei, a widely used open-source vulnerability scanner. This vulnerability, affecting versions 3.0.0 to 3.3.1, allows attackers to bypass the template signature verification system, potentially leading to the execution of malicious code. This detailed analysis will provide a comprehensive understanding of the vulnerability, its impact, and mitigation measures…..

Exploit Code Released for Microsoft CVE-2024-38193

A critical use-after-free vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, has been discovered in the afd.sys Windows driver that allows attackers to escalate privileges and execute arbitrary code. This vulnerability has been fixed during the August 2024 patch on Tuesday.

Security researchers from Gen Digita discovered and reported the vulnerability to Microsoft, stated that this flaw allows attackers to bypass normal security restrictions and access sensitive system areas that are typically inaccessible to most users and administrator This attack is both complex and cunning, potentially worth hundreds of thousands of dollars on the black market…..

Advertisements

CVE-2024-10957: UpdraftPlus WordPress Plugin Vulnerability

CVE-2024-10957 is a high-severity vulnerability affecting the UpdraftPlus: WP Backup & Migration Plugin for WordPress. This vulnerability, present in versions up to and including 1.24.11, enables attackers to perform PHP Object Injection through the deserialization of untrusted input in the recursive_unserialized_replace function. Here’s a comprehensive analysis of this vulnerability, its potential impact, and mitigation strategies…..

This brings the end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on FacebookTwitterInstagram

Tags:

1 Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.