4151 matches found
CVE-2024-6640
CVE-2024-6640 concerns FreeBSD pf: In ICMPv6 Neighbor Discovery, the ND state ID is always 0. When pf is configured to allow ND but block incoming Echo Requests, a crafted Echo Request after a Neighbor Solicitation from the same host with identifier 0 can trigger an Echo Reply, causing ICMPv6 pac...
CVE-2024-6640 pf incorrectly matches different ICMPv6 states in the state table
In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to...
PT-2024-37769 · Pf +1
Name of the Vulnerable Software and Affected Versions: pf (affected versions not specified). Description: The issue concerns ICMPv6 Neighbor Discovery (ND), where the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor...
POC
Apache ActiveMQ remote command execution vulnerability. Affected versions: 5.18.0 beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:spring="http://camel.apache.org/schema/spring" xmlns:context="http://www.springframework.org/schema/context"...
DEBIAN-CVE-2024-42108
In the Linux kernel, the following vulnerability has been resolved: net: rswitch: Avoid use-after-free in rswitch_poll(). The use-after-free is actually in rswitch_tx_free(), which is inlined in rswitch_poll(). Since skb and gq->skbs[gq->dirty] are in fact the same pointer, the skb is first freed using...
CVE-2024-42108 net: rswitch: Avoid use-after-free in rswitch_poll()
In the Linux kernel, the following vulnerability has been resolved: net: rswitch: Avoid use-after-free in rswitch_poll(). The use-after-free is actually in rswitch_tx_free(), which is inlined in rswitch_poll(). Since skb and gq->skbs[gq->dirty] are in fact the same pointer, the skb is first freed using...
AZL-47983 CVE-2024-41088 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: fix infinite loop when xmit fails. When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running...
DEBIAN-CVE-2022-48805
In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup. ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious or defective USB device, in particular: - The metadata array...
CVE-2022-48805 net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup. ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious or defective USB device, in particular: - The metadata array...
CVE-2024-39894
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...
CVE-2024-39894
OpenSSH CVE-2024-39894 affects OpenSSH 9.5–9.7 (before 9.8). A logic error in the ObscureKeystrokeTiming feature can enable timing attacks on keystroke entry (e.g., echo-off password input for su and sudo) and potentially reveal keystrokes. Mitigation per linked advisories is to upgrade to OpenSS...
TWCMS Security Vulnerabilities
TWCMS is an enterprise website management system from China's Tong Wang CMS (TWCMS) company. A security vulnerability exists in TWCMS version 2.0.3, which originates from a PHP file directly echoing parameters entered from an external source, allowing remote attackers to perform cross-site scriptin...
RHEL 7 : bash (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bash: when effective UID is not equal to its real UID the saved UID is not dropped (CVE-2019-18276) - A...
SUSE CVE-2023-52878
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds. If the "struct can_priv::echo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a meaningful warning message a...
The vulnerability of GE HealthCare EchoPAC medical software lies in the incorrect granting of permissions for critical resources, allowing an intruder to gain unauthorized access to protected information, enhance their privileges, or execute arbitrary code.
The vulnerability of GE HealthCare EchoPAC medical software is related to the incorrect granting of permissions for critical resources. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information, increase their privileges, or execute arbitrary code...
DEBIAN-CVE-2023-52878
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds. If the "struct can_priv::echo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a meaningful warning message a...
UBUNTU-CVE-2023-52878
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds. If the "struct can_priv::echo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a meaningful warning message a...
CVE-2024-35929 rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock(). For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE() in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended()...