Welcome to TheCyberThrone. Cybersecurity week in review will be posted covering the important security happenings. This review is for the bi-weekly ending on Saturday, January 25, 2025.
CVE-2025-0411 impacts 7-Zip with Code Execution
CVE-2025-0411 is a security flaw identified in 7-Zip, a widely-used open-source file archiver. This vulnerability allows attackers to execute arbitrary code by bypassing the “Mark-of-the-Web” (MOTW) security feature in Windows, which is designed to help protect users from files downloaded from untrusted sources. The vulnerability was assigned a CVSS of 7.0…..
CVE-2024-5594 is a critical vulnerability identified in OpenVPN versions prior to 2.6.11. This vulnerability stems from improper sanitization of PUSH_REPLY messages, which allows attackers to inject unexpected arbitrary data into third-party executables or plugins. It poses a significant risk due to its potential to lead to arbitrary code execution….
Oracle has released a substantial Critical Patch Update for January 2025, addressing a total of 320 new security vulnerabilities across its wide-ranging product portfolio. This update spans over 90 products and services, including Oracle’s Communications Applications, Construction and Engineering Appliances, middleware, servers, and the E-Business Suite…..
Exploit Code released for Apache Traffic Control Flaw CVE-2024-45387
CVE-2024-45387 is a critical vulnerability identified in Apache Traffic Control, specifically affecting the Traffic Ops module in versions 8.0.0 to 8.0.1. The nature of this vulnerability is an SQL injection flaw, which allows an attacker to inject and execute arbitrary SQL commands against the backend database…
Exploit Code Released for Microsoft CVE-2024-38193
A critical use-after-free vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, has been discovered in the afd.sys Windows driver that allows attackers to escalate privileges and execute arbitrary code. This vulnerability has been fixed during the August 2024 patch on Tuesday….
CVE-2024-49415 : Samsung Android devices Impacted
CVE-2024-49415 is a critical vulnerability found in Samsung devices running Android versions 12, 13, and 14. This vulnerability was discovered by researchers from Google Project Zero, a team dedicated to identifying and reporting zero-day vulnerabilities. The issue resides in the libsaped.so library and allows remote attackers to execute arbitrary code on affected devices…..
This brings the end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, Instagram
😮 I have 7-zip! Guess no longer…