EUVD-2025-201467

nitro-tpm-pcr-compute may allow kernel command line modification by an account operator...

GHSA-XRV8-2PF5-F3Q7 nitro-tpm-pcr-compute may allow kernel command line modification by an account operator

Summary Adding default PCR12 validation to ensure that account operators can not modify kernel command line parameters, potentially bypassing root filesystem integrity validation. Attestable AMIs are based on the systemd Unified Kernel Image UKI concept which uses systemd-boot to create a single...

CVE-2023-22913

A post-authentication command injection vulnerability in the “accountoperator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data,...

The vulnerability of the account_operator.cgi file in the microprogramming software for ZyXEL USG FLEX and VPN devices allows a hacker to alter the device’s configuration data and trigger a service failure.

The vulnerability of the accountoperator.cgi file in the ZyXEL USG FLEX and VPN networking devices relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow a malicious actor to remotely alter the device’s...

Zyxel USG FLEX 命令注入漏洞

Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in the Zyxel USG FLEX Series 4.50 to 5.35 firmware versions, and the VPN Series 4....