Test Blog - Cloud WAF

CVE-2024-42363 : ZENDESK SAMSON UP TO 3384 ROLEVERIFICATIONSCONTROLLER ROLE DESERIALIZATION

Description Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into…

Common Vulnerabilities and Exposures

CVE-2024-7711 : GITHUB ENTERPRISE SERVER UP TO 3.11.13/3.12.7/3.13.2 AUTHORIZATION

Description An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside…

Common Vulnerabilities and Exposures

CVE-2024-38175 : MICROSOFT AZURE MANAGED INSTANCE FOR APACHE CASSANDRA ACCESS CONTROL

Description An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. References…

Common Vulnerabilities and Exposures

CVE-2024-43406 : LF-EDGE EKUIPER UP TO 1.14.1 SQL INJECTION

Description LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit…

Common Vulnerabilities and Exposures

CVE-2024-43404 : NICPWNS MEGABOT UP TO 1.4.X /MATH EVAL EXPRESSION NEUTRALIZATION OF DIRECTIVES

Description MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote…

Common Vulnerabilities and Exposures

CVE-2024-42813 : TRENDNET TEW-752DRU 1.03B01 GENA.CGI SERVICE BUFFER OVERFLOW

Description In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers…