Test Blog - Cloud WAF

CVE-2024-36011 : LINUX KERNEL UP TO 6.6.30/6.8.9 BLUETOOTH HCI_LE_BIG_SYNC_ESTABLISHED_EVT NULL POINTER DEREFERENCE

Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt(). References https://git.kernel.org/stable/c/1f7ebb69c1d65732bcac2fda9d15421f76f01e81 https://git.kernel.org/stable/c/9f3be61f55d4eedc20eedc56c0f04a5ce2b4a55a https://git.kernel.org/stable/c/d2706004a1b8b526592e823d7e52551b518a7941…

Common Vulnerabilities and Exposures

CVE-2024-21683 : ATLASSIAN CONFLUENCE DATA CENTER UP TO 8.9.0 PRIVILEGE ESCALATION

Description This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution)…

Common Vulnerabilities and Exposures

CVE-2024-3927 : ELEMENT PACK ELEMENTOR ADDONS PLUGIN UP TO 5.6.3 ON WORDPRESS ACCESS CONTROL

Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin…

Common Vulnerabilities and Exposures

CVE-2024-36053 : LINUXMINT MINTUPLOAD UP TO 4.2.0 SERVICE OS COMMAND INJECTION

Description In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A…

Common Vulnerabilities and Exposures

CVE-2024-36080 : WESTERMO EDW-100 DEVICES UP TO 2024-05-03 HARD-CODED PASSWORD

Description Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet…

Learning Web Application Firewall

What is Cross-Site Request Forgery (CSRF)?

Cross-Site Request Forgery (CSRF) is an attack method that tricks users into performing an unwanted action on a website they are authenticated to. For example,…