2576 matches found
CVE-2024-22065
There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands...
CVE-2024-22065 ZTE MF258 Pro product has an OS Command injection vulnerability
There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands...
ZTE MF258 Pro Security Vulnerability
ZTE MF258 Pro is a desktop router from ZTE Corporation (ZTE), China. A security vulnerability exists in ZTE MF258 Pro version 1.0.0B03, which originates from insufficient validation of Ping diagnostic interface parameters, resulting in a command injection vulnerability...
PT-2024-19179 · Zte · Zte Mf258 Pro
Name of the Vulnerable Software and Affected Versions: ZTE MF258 Pro (affected versions not specified). Description: The issue is related to a command injection vulnerability. It occurs due to insufficient validation of the Ping Diagnosis interface parameter, allowing an authenticated attacker to...
PT-2024-8854 · D Link · D-Link Dir-820L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-820L version 1.05b03. Description: The issue is related to the ping v4 and ping v6 functions in the D-Link DIR-820L router's firmware, which fails to properly sanitize data when handling the ping addr parameter. This can allow a...
CVE-2024-45242
EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2c1.9.51 allow blind OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credential...
PT-2024-31500
Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2 c1.9.51. Description: The issue allows for OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During initial setup, the device creates an open unsecured...
CVE-2024-10193
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function pingddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has...
kernel security update
5.14.0-427.40.14.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
LOREX com.lorexcorp.lorexping Security Vulnerability
LOREX com.lorexcorp.lorexping is a driver from LOREX Corporation. A security vulnerability exists in LOREX com.lorexcorp.lorexping version 1.4.22. A remote attacker could exploit the vulnerability to obtain sensitive information through the firmware update process...
CentOS 7 : containernetworking-plugins (RHSA-2020:0406)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0406 advisory. - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/...
D-Link DIR-820 Router OS Command Injection Vulnerability
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp...
CVE-2024-46854
In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding...
DEBIAN-CVE-2024-46854
In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding...
CVE-2024-46854
CVE-2024-46854 – Linux kernel net: dpaa padding has been fixed. When sending small packets (
ABB Cylon Aspect 3.07.00 Remote Code Execution
ABB Cylon Aspect 3.07.00 networkDiagAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.00 Summary: ASPECT is an award-winning scalable building energy management...
CVE-2024-46800
A use-after-free vulnerability was found in the Linux kernel. If netem_dequeue enqueues a packet to inner qdisc and that qdisc returns NET_XMIT_STOLEN, the packet is dropped but qdisc_tree_reduce_backlog is not called to update the parent's q.qlen. Mitigation: Mitigation for this issue is either not...
CVE-2024-46800 sch/netem: fix use after free in netem_dequeue
In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue enqueues packet to inner qdisc and that qdisc returns NET_XMIT_STOLEN. The packet is dropped but qdisc_tree_reduce_backlog is not called to update the parent's q.qlen,...