Test Blog - Cloud WAF

CVE-2024-39069 : IFOOD ORDER MANAGER 3.35.5 GESTOR DE PEDDIOS.EXE UNCONTROLLED SEARCH PATH

Description An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack. References https://youtu.be/oMIobV2M0T8 https://github.com/AungSoePaing/CVE-2024-39069…

Common Vulnerabilities and Exposures

CVE-2024-38301 : DELL ALIENWARE COMMAND CENTER UP TO 5.7.3.0 UNKNOWN VULNERABILITY

Description Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading…

Common Vulnerabilities and Exposures

CVE-2024-21522 : AUDIFY OPUSDECODER.DECODE/OPUSDECODER.DECODEFLOAT ARRAY INDEX

Description All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new…

Common Vulnerabilities and Exposures

CVE-2024-21524 : NODE-STRINGBUILDER TOBUFFER/TOSTRING/CHARAT OUT-OF-BOUNDS

Description All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on…

Common Vulnerabilities and Exposures

CVE-2024-21521 : DISCORDJS OPUS TOSTRING RESOURCE CONSUMPTION

Description All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to…

Common Vulnerabilities and Exposures

CVE-2024-35154 : IBM WEBSPHERE APPLICATION SERVER 8.5/9.0 UNNECESSARY PRIVILEGES

Description IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary…