Test Blog - Cloud WAF

CVE-2024-6121 : NI SYSTEMLINK SERVER/FLEXLOGGER REDIS VULNERABLE THIRD-PARTY COMPONENT

Description An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1…

Common Vulnerabilities and Exposures

CVE-2024-40634 : ARGOPROJ ARGO-CD UP TO 2.9.19/2.10.14/2.11.5 /API/WEBHOOK RESOURCE CONSUMPTION

Description Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker…

Common Vulnerabilities and Exposures

CVE-2024-39685 : FISHAUDIO BERT-VITS2 UP TO 2.3 RESAMPLE DATA_DIR OS COMMAND INJECTION

Description Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd,…

Common Vulnerabilities and Exposures

CVE-2024-37998 : SIEMENS CPCI85 CENTRAL PROCESSING UNVERIFIED PASSWORD CHANGE

Description A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative…

Common Vulnerabilities and Exposures

CVE-2024-38437 : D-LINK DSL-225 BZ_1.00.16 AUTHENTICATION BYPASS

Description D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel. References https://www.gov.il/en/Departments/faq/cve_advisories For More Information CVERecord

Common Vulnerabilities and Exposures

CVE-2024-5618 : PRUVASOFT INFORMATICS APINIZER MANAGEMENT CONSOLE PRIOR 2024.05.1 PERMISSION ASSIGNMENT

Description Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects…