all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-24-364: Arista NG Firewall ReportEntry SQL Injection Remote Code Execution Vulnerability

Add to bookmarks
April 9, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-27889.

arbitrary code arista attackers authentication code code execution cve cve-2024 cves cvss exploit firewall injection rating remote code remote code execution sql sql injection vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-419: (Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability 3 days, 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +18
ZDI-24-418: (Pwn2Own) Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability 3 days, 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +18
ZDI-24-417: Xiaomi Pro 13 isUrlMatchLevel Permissive List of Allowed Inputs Remote Code Execution Vulnerability 3 days, 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-416: Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability 5 days, 15 hours ago | www.zerodayinitiative.com
arbitrary code attackers centreon code +12
ZDI-24-407: X.Org Server ProcRenderAddGlyphs Use-After-Free Local Privilege Escalation Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
attacker attackers code cve +23
ZDI-24-406: Adobe After Effects AEP File Parsing Use-After-Free Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
adobe adobe after effects aep after effects +18
ZDI-24-405: Lexmark CX331adwe IPP Server Authorization HTTP Header Heap-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
arbitrary code attackers authentication authorization +20
ZDI-24-415: (Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
attacker attackers code cves +22
ZDI-24-414: (Pwn2Own) Oracle VirtualBox AHCI Controller Uninitialized Memory Information Disclosure Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
attacker attackers code controller +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Officer

@ eSimplicity | Remote
View on infosec-jobs.com

Senior - Automated Cyber Attack Engineer

@ Deloitte | Madrid, España
View on infosec-jobs.com

Public Key Infrastructure (PKI) Senior Engineer

@ Sherwin-Williams | Cleveland, OH, United States
View on infosec-jobs.com

Consultant, Technology Consulting, Cyber Security - Privacy (Senior) (Multiple Positions) (1502793)

@ EY | Chicago, IL, US, 60606
View on infosec-jobs.com

Principal Associate, CSOC Analyst

@ Capital One | McLean, VA
View on infosec-jobs.com

Real Estate Portfolio & Corporate Security Lead

@ Lilium | Munich
View on infosec-jobs.com
View more jobs