Gereon Huppertz

**Name of the Vulnerable Software and Affected Versions** Arista NG Firewall (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall with minimal user interaction required. The flaw exists within the processing of the `User-Agent` HTTP header due to the lack of proper validation of user-supplied data, leading to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** The issue involves specially constructed queries that cause cross-platform scripting, resulting in the leakage of administrator tokens. This allows for potential unauthorized access and exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.