CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12830 – Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12830
Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. • https://www.zerodayinitiative.com/advisories/ZDI-24-1718 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12832 – Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-12832
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. • https://www.zerodayinitiative.com/advisories/ZDI-24-1719 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12695
https://notcve.org/view.php?id=CVE-2024-12695
Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html https://issues.chromium.org/issues/383647255 • CWE-787: Out-of-bounds Write •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12693
https://notcve.org/view.php?id=CVE-2024-12693
Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html https://issues.chromium.org/issues/382190919 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56145 – RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
https://notcve.org/view.php?id=CVE-2024-56145
For these users an unspecified remote code execution vector is present. ... For these users an unspecified remote code execution vector is present. • https://github.com/craftcms/cms/commit/82e893fb794d30563da296bca31379c0df0079b3 https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 • CWE-94: Improper Control of Generation of Code ('Code Injection') •