EUVD-2024-37235

Malicious code in bioql PyPI...

EUVD-2024-49453

Malicious code in bioql PyPI...

EUVD-2023-38240

Malicious code in bioql PyPI...

EUVD-2023-38243

Malicious code in bioql PyPI...

EUVD-2024-49454

Malicious code in bioql PyPI...

CVE-2023-33011

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...

CVE-2024-8881

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system OS commands on an affected device by...

CVE-2024-8882

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service DoS conditions via a crafted URL...

CVE-2024-8881

CVE-2024-8881 describes a post-authentication command-injection in the CGI component of Zyxel GS1900-48 switches. Affected firmware: V2.80(AAHN.1)C0 and earlier. Exploitation requires an authenticated attacker with administrator privileges on the LAN, who can send a crafted HTTP request to execut...

CVE-2024-38270

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80AAZI.0C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid...

CVE-2024-38270

The CVE-2024-38270 entry concerns Zyxel GS1900-10HP firmware v2.80(AAZI.0)C0. The root cause is the improper use of a randomness function with low entropy to generate web authentication tokens. This enables a LAN-based attacker, under the condition that multiple authenticated sessions are active,...

CVE-2023-28768

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80ABXN.1, XMG1930-30 firmware version V4.80ACAR.1, and XS1930-10 firmware version V4.80ABQE.1 could allow an unauthenticated LAN-based attacker to cause denial-of-service DoS conditions by sending crafted frames to an affected...

Zyxel USG < 5.37 / ATP < 5.37 / VPN < 5.37 Multiple Vulnerabilities

Firmware version of the Zyxel USG, ATP, VPN is less than 5.37. This Zyxel device firmware is affected by multiple vulnerabilities: - A command injection vulnerability in the Free Time WiFi hotspot feature of some firewall versions could allow an unauthenticated, LAN-based attacker to execute some...

CVE-2023-34141

A command injection vulnerability in the access point AP management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.00 through 5.36 Patch 2, USG20W-VPN series firmware...

CVE-2023-33012

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10...

Command injection

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10...

Format string

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...

Command injection

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affecte...

Buffer overflow

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50W series firmware versions 4.16 through 5.36 Patch 2, USG20W-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN...

Command injection

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50W series firmware versions 4.60 through 5.36 Patch 2, USG20W-VPN series firmware version...