CVE-2020-7058

datainput.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection - Data Input Methods - Unix - Ping Host. NOTE: the vendor has stated "This is a false alarm...

PT-2020-19364 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8 Description: The issue concerns remote code execution via a crafted Input String to Data Collection - Data Input Methods - Unix - Ping Host in the data input.php file. However, the vendor has stated that this is a false...

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

This update for nodejs12 fixes the following issues : Update to LTS release 12.13.0 jscSLE-8947. Security issues fixed : CVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations bsc1146091. CVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable t...

Ping Identity: Forbidden access to https://apps-staging.pingone.com but "/packages.json" visible and full path disclosure

Summary: If you visit the application https://apps-staging.pingone.com/. The application is protected from unauthorized users displays Forbidden. In spite of having this protection, an attacker would be able to see the packages information of the application. Steps To Reproduce: Go to...

Oracle Linux 8 : container-tools:1.0 (ELSA-2019-4273)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4273 advisory. - rebuild because of CVE-2019-9512 and CVE-2019-9514 - rebuild because of CVE-2019-9512 and CVE-2019-9514 - rebuild because of CVE-2019-9512 and...

CVE-2020-5179

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. In some cases, authentication can be achieved with the comtech password fo...

CVE-2020-5179

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. In some cases, authentication can be achieved with the comtech password fo...

CVE-2020-5179

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. In some cases, authentication can be achieved with the comtech password fo...

PT-2020-18285

Name of the Vulnerable Software and Affected Versions Comtech Stampede FX-1010 version 7.4.3 Description The issue allows remote authenticated administrators to execute arbitrary OS commands. This can be achieved by navigating to the Diagnostics Ping page and entering shell metacharacters in the...

NewStart CGSL CORE 5.05 / MAIN 5.05 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2019-0243)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has modauthopenidc packages installed that are affected by multiple vulnerabilities: - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka modauthopenidc module before 2.1.6 for the Apache HTTP Server does not sk...

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

Red Hat JBoss Enterprise Application Platform 7.x < 7.2.5 Multiple Vulnerabilities

The version of Red Hat JBoss Enterprise Application Platform EAP installed on the remote host is 7.x prior to 7.2.5. It is therefore, affected my multiple vulnerabilities as referenced in the RHSA-2019:4021 advisory: - undertow: HTTP/2: large amount of data requests leads to denial of service...

Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities in Node.js CVE-2019-9511, CVE-2019-9516, CVE-2019-9512, CVE-2019-9517, CVE-2019-9518, CVE-2019-9515, CVE-2019-9513, CVE-2019-9514 Vulnerability Details CVEID: CVE-2019-9511 DESCRIPTION: Some HTTP/2 implementation...

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

Important: container-tools:rhel8 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 HTTP/2: flood using HEADERS frames results in unbounded memory growth CVE-2019-9514...

The vulnerability of the implementation of diagnostic functions for ping and tracert in the microprogramming software of TP-Link TL-R600VPN allows a intruder to execute arbitrary code.

The vulnerability of the ping and tracert diagnostic functions in the microprogramming software for TP-Link TL-R600VPN implementations lies in the fact that the operation’s results are stored outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute...

VulnCheck KEV: CVE-2019-18396

An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OIFwV20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mntping.cgi. NOTE: This...

Exploit for OS Command Injection in Netis-Systems Wf2419_Firmware

NETIS router WF2419 RCE CVE-2019-19356 Context The vul...

OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)

OpenNetAdmin 18.1.1 - Command Injection Exploit Metasploit class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit...