Lucene search
+L
OpenndsOpennds

7 matches found

CVE
CVE
added 2024/02/26 12:0 a.m.6673 views

CVE-2024-25763

CVE-2024-25763 affects openNDS 10.2.0 with a Use-After-Free in /openNDS/src/auth.c. The Red Hat/OSV/Ubuntu/NASL entries confirm the same description across multiple sources. The CVE’s metrics show a CVSS v3.1 base score of 5.5 (Medium) with network attack vector, low attack complexity, and privil...

5.5CVSS6.7AI score0.00454EPSS
CVE
CVE
added 2023/11/17 12:0 a.m.79 views

CVE-2023-41101

CVE-2023-41101 affects OpenNDS prior to 10.1.3. The vulnerability is in get_query() of http_microhttpd.c, which does not validate the length of the GET query string, leading to a stack-based overflow on 9.x and earlier and a heap-based overflow on 10.x and later. Impacted systems may crash (DoS) ...

9.8CVSS10AI score0.01904EPSS
CVE
CVE
added 2023/11/17 12:0 a.m.59 views

CVE-2023-41102

The CVE-2023-41102 vulnerability affects OpenNDS before version 10.1.3, where the captive portal has multiple memory leaks due to not freeing allocated memory, potentially causing a Denial-of-Service by exhausting memory. The issue is mitigated by upgrading to OpenNDS version 10.2.0, which has be...

7.5CVSS7.5AI score0.00972EPSS
CVE
CVE
added 2024/01/26 12:0 a.m.56 views

CVE-2023-38318

OpenNDS before 10.1.3 is affected. The issue arises from inadequate sanitization of the gateway FQDN entry in the configuration file, allowing an attacker with access to that file to execute arbitrary OS commands. Impact is high: confidentiality, integrity, and availability can be compromised (CV...

9.8CVSS9.6AI score0.01096EPSS
CVE
CVE
added 2024/01/26 12:0 a.m.54 views

CVE-2023-38319

CVE-2023-38319 affects OpenNDS prior to 10.1.3. The issue is that the configuration file’s FAS key entry is not sanitized, allowing an attacker with direct or indirect access to the file to execute arbitrary OS commands. The vulnerability impact is described as high/critical in CVSS v3.1 (AV:N/AC...

9.8CVSS9.6AI score0.01096EPSS
CVE
CVE
added 2024/01/26 12:0 a.m.49 views

CVE-2023-38317

OpenNDS

9.8CVSS9.6AI score0.01096EPSS
CVE
CVE
added 2024/01/26 12:0 a.m.43 views

CVE-2023-38323

OpenNDS before 10.1.3 contains a vulnerability where the status path script entry in the configuration file is not sanitized, allowing attackers with direct or indirect access to that file to execute arbitrary OS commands. CVSSv3.1 base score 9.8 (CRITICAL) with Network attack vector, no privileg...

9.8CVSS9.6AI score0.01096EPSS