Test Blog - Cloud WAF

CVE-2024-45160 : LEMONLDAP::NG UP TO 2.19.1 OAUTH2 CLIENT AUTHENTICATION CLIENT_PASSWORD IMPROPER AUTHENTICATION

Description Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).…

Common Vulnerabilities and Exposures

CVE-2024-45179 : ZA-INTERNET C-MOR VIDEO SURVEILLANCE 5.2401/6.00PL01 WEB INTERFACE SETTIMEZONE.PML CITY OS COMMAND INJECTION

Description An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to…

Common Vulnerabilities and Exposures

CVE-2024-9412 : ROCKWELL AUTOMATION VERVE ASSET MANAGER PRIOR 1.38 PLACEMENT OF USER INTO INCORRECT GROUP

Description An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all…

Common Vulnerabilities and Exposures

CVE-2024-27457 : INTEL TDX MODULE 1.5.01.00.592/1.5.05.46.698 UNUSUAL CONDITION

Description Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged user to potentially enable information…

Common Vulnerabilities and Exposures

CVE-2024-35215 : BLACKBERRY QNX SOFTWARE DEVELOPMENT PLATFORM 7.0/7.1 NULL POINTER DEREFERENCE

Description NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow…

Common Vulnerabilities and Exposures

CVE-2024-47773 : DISCOURSE UP TO 3.3.1/3.4.0.BETA1 DISCOURSE_DISABLE_ANON_CACHE EXTERNAL REFERENCE

Description Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response…