Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-12-20 | CVE-2024-12829 | OS Command Injection vulnerability in Arista NG Firewall 17.1.1 | Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. | network, low complexity, arista CWE-78, 8.8 |
| 2024-12-20 | CVE-2024-12830 | Path Traversal vulnerability in Arista NG Firewall 17.1.1 | Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. | network, low complexity, arista CWE-22, 7.3 |
| 2024-12-20 | CVE-2024-12831 | Incorrect Authorization vulnerability in Arista NG Firewall 17.1.1 | Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. | local, low complexity, arista CWE-863, 7.8 |
| 2024-12-20 | CVE-2024-12832 | SQL Injection vulnerability in Arista NG Firewall 17.1.1 | Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. | network, low complexity, arista CWE-89, 6.3 |
| 2024-12-20 | CVE-2024-54538 | Unspecified vulnerability in Apple products | A denial-of-service issue was addressed with improved input validation. | network, low complexity, apple, 7.5 |
| 2024-12-19 | CVE-2024-11157 | Out-of-bounds Write vulnerability in Rockwellautomation Arena | A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. | local, low complexity, rockwellautomation CWE-787, 7.3 |
| 2024-12-19 | CVE-2024-11364 | Use of Uninitialized Resource vulnerability in Rockwellautomation Arena | Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. | local, low complexity, rockwellautomation CWE-908, 7.3 |
| 2024-12-19 | CVE-2024-12175 | Use After Free vulnerability in Rockwellautomation Arena | Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. | local, low complexity, rockwellautomation CWE-416, 7.8 |
| 2024-12-19 | CVE-2024-12791 | SQL Injection vulnerability in Codezips E-Commerce Site 1.0 | A vulnerability was found in Codezips E-Commerce Site 1.0. | network, low complexity, codezips CWE-89, critical, 9.8 |
| 2024-12-19 | CVE-2024-12792 | SQL Injection vulnerability in Codezips E-Commerce Site 1.0 | A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. | network, low complexity, codezips CWE-89, critical, 9.8 |