CVE-2023-3866 ksmbd: validate session id and tree id in the compound request

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypass session and tree validation. So...

[SECURITY] Fedora 41 Update: iputils-20250602-3.fc41

The iputils package contains basic utilities for monitoring a network, including ping. The ping command sends a series of ICMP protocol ECHOREQUEST packets to a specified network host to discover whether the target machine is alive and receiving network traffic...

CVE-2019-5304

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset...

CVE-2019-6989

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevate...

CVE-2011-2059

The ipv6 component in Cisco IOS before 15.14M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop HBH extension header EH with a 0x0c01050...

CVE-2010-4562

Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typ...

CVE-2009-1683

The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service device reset via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."...

Azure Linux 3.0 Security Update: kernel (CVE-2010-4563)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2010-4563 advisory. - The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the networ...

Network Policy Bypass

github.com/cilium/cilium is vulnerable to Network Policy Bypass. The vulnerability is due to the inherent design of ICMP traffic handling in conjunction with specific network policy settings in Cilium, allows ICMP Echo Requests to bypass intended restrictions...

FreeBSD : FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table (f140cff0-771a-11ef-9a62-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f140cff0-771a-11ef-9a62-002590c1f29c advisory. In ICMPv6 Neighbor Discovery ND, the ID is always 0. When pf is configured to allow ND and block incomi...

CBL Mariner 2.0 Security Update: kernel (CVE-2010-4563)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2010-4563 advisory. - The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the networ...

CVE-2024-6640

In ICMPv6 Neighbor Discovery ND, the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation NS can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to...

CVE-2024-6640 pf incorrectly matches different ICMPv6 states in the state table

In ICMPv6 Neighbor Discovery ND, the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation NS can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to...

PT-2024-37769 · Pf +1 · Pf +1

Name of the Vulnerable Software and Affected Versions: pf affected versions not specified Description: The issue concerns ICMPv6 Neighbor Discovery ND where the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor...

DEBIAN-CVE-2024-42108

In the Linux kernel, the following vulnerability has been resolved: net: rswitch: Avoid use-after-free in rswitchpoll The use-after-free is actually in rswitchtxfree, which is inlined in rswitchpoll. Since skb and gq-skbsgq-dirty are in fact the same pointer, the skb is first freed using...

CVE-2024-42108 net: rswitch: Avoid use-after-free in rswitch_poll()

In the Linux kernel, the following vulnerability has been resolved: net: rswitch: Avoid use-after-free in rswitchpoll The use-after-free is actually in rswitchtxfree, which is inlined in rswitchpoll. Since skb and gq-skbsgq-dirty are in fact the same pointer, the skb is first freed using...

Cisco NX-OS Software MPLS OAM Denial of Service (CVE-2021-1588)

A vulnerability in the MPLS Operation, Administration, and Maintenance OAM feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper input validation when an affected devi...

SUSE CVE-2010-4563

The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping...

SUSE CVE-2014-0100

Race condition in the inetfragintern function in net/ipv4/inetfragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service use-after-free error or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system wi...

SUSE CVE-2020-17443

An issue was discovered in picoTCP 1.7.0. The code for creating an ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6...