https://cve.circl.lu/bundles/feed.atom
Most recent bundles.
2025-02-22T14:09:54.289567+00:00
Vulnerability-Lookup (info@circl.lu)
Contains only the 10 most recent bundles.

https://cve.circl.lu/bundle/c854b418-a4e1-4135-958a-a523843c27f0
Zyxel security advisory for multiple vulnerabilities in firewalls
2025-02-22T14:09:54.301958+00:00
Jean-Louis Huynen (http://cvepremium.circl.lu/user/gally)

Zyxel has released patches addressing multiple vulnerabilities in some firewall versions. Users are advised to install the patches for optimal protection.

| Firewall series | CVE-2024-6343 | CVE-2024-7203 | CVE-2024-42057 | CVE-2024-42058 | CVE-2024-42059 | CVE-2024-42060 | CVE-2024-42061 | Patch availability |
|-----------------------------------|-----------------------|-----------------------|------------------------|------------------------|------------------------|------------------------|------------------------|---------------------|
| ATP | ZLD V4.32 to V5.38 | ZLD V4.60 to V5.38 | ZLD V4.32 to V5.38 | ZLD V4.32 to V5.38 | ZLD V5.00 to V5.38 | ZLD V4.32 to V5.38 | ZLD V4.32 to V5.38 | ZLD V5.39 |
| USG FLEX | ZLD V4.50 to V5.38 | ZLD V4.60 to V5.38 | ZLD V4.50 to V5.38 | ZLD V4.50 to V5.38 | ZLD V5.00 to V5.38 | ZLD V4.50 to V5.38 | ZLD V4.50 to V5.38 | ZLD V5.39 |
| USG FLEX 50(W)/USG20(W)-VPN | ZLD V4.16 to V5.38 | Not affected | ZLD V4.16 to V5.38 | ZLD V4.20 to V5.38 | ZLD V5.00 to V5.38 | ZLD V4.16 to V5.38 | ZLD V4.16 to V5.38 | ZLD V5.39 |

2024-09-05T08:38:26.837494+00:00

https://cve.circl.lu/bundle/e49e5ff3-cc60-4b0f-b772-473ad67c3c8c
Cisco Smart Licensing Utility
2025-02-22T14:09:54.301725+00:00
Jean-Louis Huynen (http://cvepremium.circl.lu/user/gally)

Two critical vulnerabilities in Cisco's Smart Licensing Utility allow remote, unauthenticated attackers to gain privileges or access sensitive data.

Vulnerabilities:
* CVE-2024-20439 (CVSS: 9.8): An undocumented static admin account can be exploited to access affected systems.
* CVE-2024-20440 (CVSS: 7.5): An overly verbose debug log can be exploited via a crafted HTTP request, exposing API credentials.
⚠️ These issues are only exploitable if the licensing utility is actively running.
Cisco strongly advises updating systems to mitigate these threats.

2024-09-05T15:32:24.185197+00:00

https://cve.circl.lu/bundle/0f4cd48e-b3f2-4cb5-81ea-77ddf45a56e0
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
2025-02-22T14:09:54.298558+00:00
Jean-Louis Huynen (http://cvepremium.circl.lu/user/gally)

CVE-2024-20353 is a denial-of-service attack that allows a remote, unauthenticated attacker to cause the device to reload unexpectedly, resulting in a denial-of-service condition. CVE-2024-20358 is a command injection attack that allows a local, authenticated attacker with Administrator level privileges to run arbitrary commands as root on the underlying device operating system. CVE-2024-20359 is similar and is an arbitrary code execution attack that allows a local, authenticated attacker with Administrator level privileges to execute arbitrary code as root on the underlying device operating system.

2024-12-20T07:12:35.208963+00:00