#input-validation

Information security
from Zero Day Initiative
3 days ago

Zero Day Initiative - CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall

Arista NG Firewall's runTroubleshooting() fails to properly validate inputs, enabling command injection by passing unsanitized environment variables to network-troubleshooting.sh.
Information security
from Droids On Roids
1 week ago

When ZeroWidth Isn't Zero: How I Found and Fixed a Vulnerability | Blog

Unicode Variation Selectors can inflate UTF-16 storage size while still passing perceived-length checks, enabling payload injection, performance issues, and possible database crashes.
Information security
from SecurityWeek
4 months ago

ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities

Multiple high-severity input-validation vulnerabilities in Ivanti Endpoint Manager allow authenticated attackers to achieve remote code execution or local privilege escalation.