Test Blog - Cloud WAF

CVE-2024-2973 : JUNIPER NETWORKS SESSION SMART ROUTER AUTHENTICATION BYPASS

Description An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows…

Common Vulnerabilities and Exposures

CVE-2024-36755 : D-LINK DIR-1950 UP TO 1.11B03 SSL CERTIFICATE VALIDATION

Description D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to…

Common Vulnerabilities and Exposures

CVE-2024-36075 : NETWRIX COSOSYS ENDPOINT PROTECTOR/COSOSYS UNIFY APPLICATION CONFIGURATION IMPROPER AUTHENTICATION

Description Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the application configuration component of the…

Common Vulnerabilities and Exposures

CVE-2024-5642 : PYTHON SOFTWARE CPYTHON UP TO 3.9.X SSLCONTEXT.SET_NPN_PROTOCOLS BUFFER OVERFLOW

Description CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This…

Learning Web Application Firewall

What Is Identity And Access Management (IAM)?

Identity and Access Management (IAM or IdAM) is a set of policies, procedures, and technologies that enable organizations to manage digital identity and manage user…

Common Vulnerabilities and Exposures

CVE-2024-37140 : DELL POWERPROTECT DD PRIOR 8.0 OS COMMAND INJECTION

Description Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A…