NG Security Vulnerabilities
The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths...
6.6CVSS
6.6AI Score
0.001EPSS
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Starter" module).....
8.8CVSS
8.6AI Score
0.004EPSS
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists...
6.1CVSS
6AI Score
0.001EPSS
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM...
7.2CVSS
7AI Score
0.001EPSS
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a...
8.8CVSS
8.7AI Score
0.001EPSS
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server)...
5.3CVSS
5.2AI Score
0.001EPSS
4.9CVSS
5.2AI Score
0.001EPSS
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV...
8.8CVSS
8.7AI Score
0.006EPSS
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the...
7.2CVSS
6.9AI Score
0.001EPSS
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local...
7.5CVSS
7.3AI Score
0.003EPSS
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM...
4.9CVSS
5.2AI Score
0.001EPSS
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js"...
9.8CVSS
9.1AI Score
0.019EPSS
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory areas beyond the...
9.8CVSS
9.5AI Score
0.002EPSS
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. When a bulk get...
9.8CVSS
9.7AI Score
0.006EPSS
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the number of variables in the request exceeds the...
9.8CVSS
9.5AI Score
0.003EPSS
Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. The length of provided input/output buffers is insufficiently verified during the encoding and decoding of data. This may lead to out-of-bounds buffer read or write access...
9.1CVSS
9.1AI Score
0.005EPSS
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server...
7.8CVSS
7.5AI Score
0.0004EPSS
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in...
9.8CVSS
9.3AI Score
0.002EPSS
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the...
7.5CVSS
7.5AI Score
0.002EPSS
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path...
9.8CVSS
9.7AI Score
0.017EPSS
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter...
9.8CVSS
9.6AI Score
0.088EPSS
Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified...
7.8CVSS
8.9AI Score
0.0004EPSS
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to...
6.2CVSS
5.2AI Score
0.0004EPSS
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket...
5.5CVSS
5AI Score
0.0004EPSS
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin...
7.2CVSS
7.2AI Score
0.001EPSS
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin...
7.2CVSS
7.1AI Score
0.002EPSS
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input...
4.8CVSS
4.9AI Score
0.001EPSS
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored...
4.8CVSS
5AI Score
0.001EPSS
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted...
7.8CVSS
7.8AI Score
0.02EPSS
An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified...
9.8CVSS
9.6AI Score
0.034EPSS
A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future...
4.3CVSS
4.5AI Score
0.002EPSS
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview...
5.4CVSS
5.1AI Score
0.001EPSS
OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database.....
9.8CVSS
9.7AI Score
0.003EPSS
OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can...
6.1CVSS
5.9AI Score
0.001EPSS
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote...
9.8CVSS
9.7AI Score
0.007EPSS
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP...
8.8CVSS
8.7AI Score
0.002EPSS
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and....
10CVSS
8.7AI Score
0.011EPSS
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of...
7.8CVSS
7.8AI Score
0.0005EPSS
An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection,...
7CVSS
7AI Score
0.0005EPSS
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation,...
7CVSS
7.2AI Score
0.0005EPSS
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in...
6.1CVSS
6.5AI Score
0.0005EPSS
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next...
7.8CVSS
7.8AI Score
0.0005EPSS
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of...
9.1CVSS
8.9AI Score
0.015EPSS
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this...
8.8CVSS
8.7AI Score
0.002EPSS
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the...
8.8CVSS
8.9AI Score
0.001EPSS
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appear to be exploitable via Victim.....
6.1CVSS
6.1AI Score
0.001EPSS
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted...
6.5CVSS
6.9AI Score
0.001EPSS
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a...
5.9CVSS
5.5AI Score
0.002EPSS
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file()...
7.3CVSS
7.4AI Score
0.0004EPSS
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a...
7.5CVSS
7.6AI Score
0.005EPSS