CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.8CVSS7.5AI score0.00241EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 5:16 a.m.•7 views

CVE-2023-38321

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...

7.5CVSS6.8AI score0.00053EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:40 a.m.•13 views

CVE-2023-41101

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. getquery in httpmicrohttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions...

9.8CVSS8AI score0.05439EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 4:30 a.m.•7 views

CVE-2023-38320

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a showpreauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. This problem...

7.5CVSS6.7AI score0.00589EPSS

Exploits0

RedhatCVE•added 2025/05/23 2:22 a.m.•4 views

CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...

5.3CVSS6.7AI score0.00558EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:21 a.m.•3 views

CVE-2023-38317

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.8CVSS7.5AI score0.00315EPSS

Exploits1References1

Tenable Nessus•added 2025/03/05 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2023-38324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS ke...

5.3CVSS5.7AI score0.00558EPSS

Exploits0References2

Ubuntu•added 2025/03/03 12:33 a.m.•7 views

USN-7312-1: openNDS vulnerability

It was discovered that openNDS did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

5.5CVSS5.8AI score0.00152EPSS

Exploits1

Tenable Nessus•added 2025/03/03 12:0 a.m.•3 views

Ubuntu 24.04 LTS / 24.10 : openNDS vulnerability (USN-7312-1)

The remote Ubuntu 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7312-1 advisory. It was discovered that openNDS did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service ...

5.5CVSS6AI score0.00152EPSS

Exploits1References2

OSV•added 2024/02/26 4:27 p.m.•2 views

CVE-2024-25763

openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c...

5.5CVSS6.6AI score

Exploits0References1

Prion•added 2024/02/26 4:27 p.m.•5 views

Design/Logic Flaw

openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c...

7.1AI score0.00152EPSS

Exploits1References1

Vulnrichment•added 2024/01/26 12:0 a.m.•3 views

CVE-2023-38317

7.4AI score0.00315EPSS

Exploits1References4

Vulnrichment•added 2024/01/26 12:0 a.m.•1 views

CVE-2023-38319

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.7AI score0.00315EPSS

Exploits1References4

CNNVD•added 2024/01/26 12:0 a.m.•3 views

openNDS Security Vulnerabilities

openNDS is openNDS open source a high-performance, small footprint portal system. A security vulnerability exists in openNDS prior to version 10.1.3 that stems from an inability to clean up a stateful path script entry in a configuration file, which could allow an attacker with direct or indirect...

9.8CVSS7.2AI score0.00315EPSS

Exploits1References5

Vulnrichment•added 2024/01/26 12:0 a.m.•4 views

CVE-2023-38323

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.7AI score0.00315EPSS

Exploits1References4

Vulnrichment•added 2024/01/26 12:0 a.m.•1 views

CVE-2023-38318

9.7AI score0.00241EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by