
2576 matches found

CNNVD
added 2025/02/19 12:0 a.m. | 2 views

Synway SMG Gateway Management Software injection vulnerability

Synway SMG Gateway Management Software is a gateway management software from Synway. An injection vulnerability exists in Synway SMG Gateway Management Software 20250204 and prior versions, which stems from the parameter retry in file 9-12ping.php that can lead to command injection...

CVSS 7.5 | AI score 7.7 | EPSS 0.00914
Exploits: 0 | References: 4

SUSE CVE
added 2025/02/18 1:36 p.m. | 1 views

SUSE CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

CVSS 5.9 | AI score 7.3 | EPSS 0.62365
Exploits: 4 | References: 7

OSV
added 2025/02/18 12:0 a.m. | 0 views

UBUNTU-CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

CVSS 5.9 | AI score 7 | EPSS 0.62365
Exploits: 4 | References: 3

Snyk
added 2025/02/17 10:0 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ssh_packet_read_poll_seqnr function in packet.c. Ping packets (SSH2_MSG_PING) received without authentication buffer but neither send nor free PONG responses, which can consume unlimit...

CVSS 8.7 | AI score 7.3 | EPSS 0.62365
Exploits: 4 | References: 2

RedhatCVE
added 2025/02/05 7:44 p.m. | 4 views

CVE-2022-48580

A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVSS 8.8 | AI score 7.6 | EPSS 0.00466
Exploits: 0

RedhatCVE
added 2025/02/05 8:9 a.m. | 8 views

CVE-2024-29961

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the...

CVSS 8.2 | AI score 7.2 | EPSS 0.01239
Exploits: 0 | References: 1

CNNVD
added 2025/01/28 12:0 a.m. | 2 views

Red Hat Infinispan log information disclosure vulnerability

Red Hat Infinispan is a distributed caching and key-value NoSQL data store software from Red Hat, Inc. A log information disclosure vulnerability exists in Red Hat Infinispan that stems from the use of JDBC_PING, where sensitive information may be exposed through the logging mechanism, leading to...

CVSS 5.5 | AI score 3.8 | EPSS 0.00018
Exploits: 0 | References: 3

OSV
added 2025/01/27 5:15 p.m. | 2 views

CVE-2024-48419

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd. Each of these issues allows an attacker with access t...

CVSS 8.8 | AI score 6 | EPSS 0.03558
Exploits: 1 | References: 2

VulnCheck KEV
added 2025/01/15 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...

CVSS 8.8 | AI score 7.5 | EPSS 0.82155
Exploits: 5 | References: 1

OSV
added 2024/12/29 11:30 a.m. | 5 views

CVE-2024-56749 dlm: fix dlm_recover_members refcount on error

In the Linux kernel, the following vulnerability has been resolved: dlm: fix dlm_recover_members refcount on error. If dlm_recover_members fails we don't drop the references of the previous created rootlist that holds and keep all rsbs alive during the recovery. It might be not an unlikely event becau...

CVSS 5.5 | AI score 6.2 | EPSS 0.00035
Exploits: 0 | References: 6

CNNVD
added 2024/12/27 12:0 a.m. | 1 views

Overtek OT-E801G security vulnerability

The Overtek OT-E801G is a network device from Overtek. Overtek OT-E801G OTE801G65.1.1.0 has a security vulnerability that originates from the file /diagping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd& ipversion=4&sessionKey=test, which causes OS command injection...

CVSS 6.5 | AI score 6.7 | EPSS 0.00489
Exploits: 0 | References: 3

Positive Technologies
added 2024/12/27 12:0 a.m. | 2 views

PT-2024-17848 · Overtek · Overtek Ot-E801G

Name of the Vulnerable Software and Affected Versions: Overtek OT-E801G version OTE801G65.1.1.0. Description: A critical issue was found in the Overtek OT-E801G, affecting the file /diag ping.cmd. This issue leads to OS command injection when the action parameter is set to test and the ipaddr...

CVSS 6.5 | AI score 7.5 | EPSS 0.00489
Exploits: 0 | References: 5

VulnCheck KEV
added 2024/12/20 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2021-42912

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands...

CVSS 9 | AI score 5.8 | EPSS 0.00097
Exploits: 0 | References: 1

VulnCheck KEV
added 2024/12/05 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2022-36559

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...

CVSS 9.8 | AI score 5.8 | EPSS 0.02152
Exploits: 0 | References: 1

Positive Technologies
added 2024/12/02 12:0 a.m. | 2 views

PT-2024-35983

Name of the Vulnerable Software and Affected Versions: Victure RX1800 WiFi 6 Router version EN V1.0.0 r12 110933. Description: An issue was discovered in Victure RX1800 WiFi 6 Router devices, where certain "/cgi-bin/luci/admin" endpoints are vulnerable to command injection. Attackers can exploit...

CVSS 8.8 | AI score 6.8 | EPSS 0.00286
Exploits: 0 | References: 5

CNNVD
added 2024/12/02 12:0 a.m. | 1 views

Victure RX1800 WiFi 6 security vulnerability

The Victure RX1800 WiFi 6 is a wireless router from Victure. A security vulnerability exists in the Victure RX1800 WiFi 6 that stems from susceptibility to a command injection attack, where an attacker can send a crafted payload with parameters designed for the ping utility to execute arbitrary...

CVSS 8.8 | AI score 7.9 | EPSS 0.00286
Exploits: 0 | References: 1

CNNVD
added 2024/11/25 12:0 a.m. | 1 views

EnGenius multiple products injection vulnerability

The EnGenius ENH1350EXT and others are outdoor wireless access points from EnGenius. An injection vulnerability exists in several EnGenius products, which stems from manipulation of the parameter diagping that can lead to command injection. The following products are affected: EnGenius...

CVSS 7.2 | AI score 5.4 | EPSS 0.00954
Exploits: 1 | References: 4

Positive Technologies
added 2024/11/25 12:0 a.m. | 2 views

PT-2024-17164 · Engenius · Engenius Ens500-Ac +2

Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT versions up to 20241118; EnGenius ENS500-AC versions up to 20241118; EnGenius ENS620EXT versions up to 20241118. Description: A critical vulnerability was found in the specified EnGenius devices, affecting the file...

CVSS 7.2 | AI score 5.5 | EPSS 0.00954
Exploits: 1 | References: 7

Hacker One
added 2024/11/21 7:6 p.m. | 11 views

Monero: low-level p2p ping + tcp flooding leads to a remote crash in monerod

The vulnerability allowed remote crashes of the P2P daemon through low-level ping and TCP flooding...

AI score 7.2
Exploits: 0

Positive Technologies
added 2024/11/21 12:0 a.m. | 4 views

PT-2024-33071 · Linksys · Linksys E3000

Name of the Vulnerable Software and Affected Versions: Linksys E3000 version 1.0.06.002 US. Description: The issue is related to command injection via the diag ping start function. Recommendations: For Linksys E3000 version 1.0.06.002 US, consider disabling the diag ping start function until a pat...

CVSS 8 | AI score 7.8 | EPSS 0.24145
Exploits: 1 | References: 2