Test Blog - Cloud WAF

CVE-2024-6445 : DATAFLOWX TECHNOLOGY DATADIODEX UP TO 3.4.X PATH TRAVERSAL

Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: before…

Common Vulnerabilities and Exposures

CVE-2024-34155 : GOOGLE GO UP TO 1.22.6/1.23.0 GO-PARSER PARSE RESOURCE CONSUMPTION

Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. References…

Common Vulnerabilities and Exposures

CVE-2024-40711 : VEEAM BACKUP & REPLICATION UP TO 12.1.2.172 REMOTE CODE EXECUTION

Description A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). References https://www.veeam.com/kb4649 For More Information CVERecord

Common Vulnerabilities and Exposures

CVE-2024-40865 : APPLE VISIONOS UP TO 1.2 VIRTUAL KEYBOARD PRIVILEGE ESCALATION

Description The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual…

Common Vulnerabilities and Exposures

CVE-2024-8395 : FLYCASS COCKPIT ACCESS SECURITY SYSTEM/KNOWN CREWMEMBER SQL INJECTION

Description FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. References…

Common Vulnerabilities and Exposures

CVE-2024-38486 : DELL SMARTFABRIC OS10 SOFTWARE UP TO 10.5.5.10/10.5.6.X COMMAND INJECTION

Description Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection')…