9 matches found
EUVD-2025-42057
Malicious code in rina-ragi5-sumpek npm...
VulnCheck KEV: CVE-2024-42057
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from...
Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers
Zyxel has released software updates to address a critical security flaw impacting certain access point AP and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 CVSS score: 9.8, the vulnerability has been described as a case of operating...
CVE-2024-42057
creationtimestamp| type| source ---|---|--- 2024-09-03 04:55:48+00:00| seen| https://t.me/cvedetector/4663 2024-09-04 12:00:00+00:00| seen| https://t.me/truesecator/6165 2024-09-05 08:37:49+00:00| seen| https://vulnerability.circl.lu/bundle/c854b418-a4e1-4135-958a-a523843c27f0 2024-11-19...
CVE-2024-42057
CVE-2024-42057 affects Zyxel Zyxel ATP and USG FLEX/USG FLEX 50(W)/USG20(W)-VPN firmware from V4.16–V5.38 (and V4.32–V5.38 for ATP/USG), with an unauthenticated OS command injection via a crafted username. The root cause is in the IPSec VPN feature; successful exploitation requires User-Based-PSK...
CVE-2021-42057
creationtimestamp| type| source ---|---|--- 2021-11-04 23:25:42+00:00| seen| https://t.me/cibsecurity/31860...
CVE-2021-42057
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases...
CVE-2021-42057
Summary (CVE-2021-42057) Obsidian Dataview (plugin) up to 0.4.12-hotfix1 is vulnerable due to the evalInContext function executing user input, enabling an attacker to craft malicious Markdown files that will execute arbitrary code when opened. The issue is mitigated for some use cases by 0.4.13. ...
Web Server Allows Password Auto-Completion (PCI-DSS variant) (deprecated)
This plugin has been deprecated because the corresponding failure item in the ASV Program Guide no longer pertains, as of the May 2013 release. Plugin ID 42057 should be used instead. %NASLMINLEVEL 999999 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2016/06/13. Confirmed not required...