Test Blog - Cloud WAF

CVE-2024-42815 : TP-LINK RE365 V1_180213 / USR/BIN/HTTPD USER_AGENT BUFFER OVERFLOW

Description In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd.…

Common Vulnerabilities and Exposures

CVE-2024-7592 : PYTHON SOFTWARE CPYTHON UP TO 3.13.0 HTTP.COOKIES COOKIE RESOURCE CONSUMPTION

Description There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in…

Common Vulnerabilities and Exposures

CVE-2024-43400 : XWIKI-PLATFORM UP TO 14.10.20/15.5.4/15.10.5 URL NEUTRALIZATION OF DIRECTIVES

Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without…

Common Vulnerabilities and Exposures

CVE-2024-42633 : LINKSYS E1500 1.0.06.001 DO_UPGRADE_POST OS COMMAND INJECTION

Description A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can…

Common Vulnerabilities and Exposures

CVE-2024-43399 : MOBSF MOBILE-SECURITY-FRAMEWORK-MOBSF UP TO 4.0.6 A EXTENSION FILE PATH TRAVERSAL

Description Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is…

Common Vulnerabilities and Exposures

CVE-2024-43379 : TRUFFLESECURITY TRUFFLEHOG UP TO 3.81.8 ENDPOINT SERVER-SIDE REQUEST FORGERY

Description TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned…