K98053339: HTTP/2 Ping Flood vulnerability CVE-2019-9512
Security Advisory Description: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, th...
K01226413: The BIG-IP APM PingAccess component caching vulnerability may lead to user impersonation
Security Advisory Description: This issue occurs when all of the following conditions are met: (1) You configure Ping Identity Services in the BIG-IP APM system for user authentication and authorization. (2) You are running a BIG-IP APM version using the Ping Access SDK that is vulnerable. Impact: This...
CVE-2022-45701
Arris TG2482A firmware through 9.1.103GEM9 allows Remote Code Execution (RCE) via the ping utility feature...
Remote code execution
Arris TG2482A firmware through 9.1.103GEM9 allows Remote Code Execution (RCE) via the ping utility feature...
ARRIS TG2482A security vulnerability
The ARRIS TG2482A is a high performance, high quality home gateway from ARRIS, Inc. for delivering high-speed broadband, VoIP telephony, and whole-home Wi-Fi. A security vulnerability exists in the ARRIS TG2482A version 9.1.103GEM9. An attacker could exploit this vulnerability to conduct Remote...
CVE-2022-45701
CVE-2022-45701 affects Arris TG2482A firmware up to 9.1.103GEM9. The Red Hat/NVD/CVE records describe an authenticated Remote Code Execution (RCE) vulnerability exposed via the device’s ping utility feature, affecting TG2482A (and related models tested on TG2492, SBG10). Exploitation requires val...
SUSE CVE-2009-2288
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters...
SUSE CVE-2009-4024
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem...
SUSE CVE-2010-2529
Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response...
SUSE CVE-2013-2223
GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function...
SUSE CVE-2013-6432
The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafte...
SUSE CVE-2014-2851
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter...
SUSE CVE-2015-0228
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...
SUSE CVE-2015-3636
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a...
SUSE CVE-2019-9512
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...
SUSE CVE-2019-16713
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c...
VulnCheck KEV: CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious HTTP request by injecting code in one of the parameters allowing for remote code...