kernel security update

5.14.0-503.14.15.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

D-Link DIR-820L Code Execution Vulnerability

The D-Link DIR-820L is a dual-band wireless router from China's AUO D-Link. The D-Link DIR-820L suffers from a code execution vulnerability that stems from the pingaddr parameter in the pingv4 and pingv6 functions failing to properly filter the special elements of the constructed code segment. An...

CVE-2024-51186

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution RCE vulnerability via the pingaddr parameter in the pingv4 and pingv6 functions...

CVE-2024-51186

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution RCE vulnerability via the pingaddr parameter in the pingv4 and pingv6 functions...

CVE-2024-36061

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities...

CVE-2024-36061

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities...

CVE-2024-36061

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities...

CVE-2024-36061

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities...

EnGenius EWS356-FIT 安全漏洞

The EnGenius EWS356-FIT is an indoor wireless access point from EnGenius. A security vulnerability exists in the EnGenius EWS356-FIT version 1.1.30 and earlier. An attacker can exploit the vulnerability to execute arbitrary operating system commands via shell metacharacters to the Ping and Speed...

Ping Identity PingAccess 安全漏洞

Ping Identity PingAccess is a centralized access security solution with a comprehensive policy engine from Ping Identity, Inc. It is used to provide secure access to applications and Api's up to the Url level and ensures that only authorized users can access the resources they need. A security...

CVE-2024-36061

CVE-2024-36061 affects EnGenius EWS356-FIT devices (versions up to 1.1.30). The vulnerability is a blind OS command injection that lets an attacker execute arbitrary OS commands by injecting shell metacharacters into the Ping and Speed Test utilities. This could lead to full device compromise, de...

D-Link DIR-820L 安全漏洞

The D-Link DIR-820L is a dual-band wireless router from China's AUO D-Link. The D-Link DIR-820L suffers from a code execution vulnerability that stems from the pingaddr parameter in the pingv4 and pingv6 functions failing to properly filter the special elements of the constructed code segment. An...

CVE-2024-51186

CVE-2024-51186 affects the D-Link DIR-820L router (firmware 1.05b03). A remote code execution vulnerability exists via the ping_addr parameter in the ping_v4 and ping_v6 functions. Public sources in the connected documents consistently describe an RCE outcome, with high impact on confidentiality,...

PT-2024-10857 · Circontrol · Circontrol Raption

Name of the Vulnerable Software and Affected Versions: Circontrol Raption versions through 5.6.2 Description: The pwrstudio web application of EV Charger is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip. This issue affects...

PT-2024-26872 · Engenius · Engenius Enstation5-Ac

Name of the Vulnerable Software and Affected Versions: EnGenius EnStation5-AC A8J-ENS500AC version 1.0.0 Description: The issue allows blind OS command injection via shell metacharacters in the Ping and Speed Test parameters. This can potentially be exploited to execute unauthorized commands on t...

CVE-2024-36060

CVE-2024-36060 affects EnGenius EnStation5-AC A8J-ENS500AC (version 1.0.0). The vulnerability is a blind OS command injection through shell metacharacters in the Ping and Speed Test parameters. CVSSv3.1 base score is 8.8 (HIGH) with adjacent access, no user interaction, and all impact metrics HIG...

EnGenius EnStation5-AC A8J-ENS500AC 安全漏洞

The EnGenius EnStation5-AC A8J-ENS500AC is a wireless access point from EnGenius. A security vulnerability exists in the EnGenius EnStation5-AC A8J-ENS500AC version 1.0.0, which originates from allowing blind injection of operating system commands via shell metacharacters in the parameters Ping a...

CVE-2024-36060

EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters...

CVE-2024-36060

EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters...

CVE-2024-22065

There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands...