LuMingYinDetect

18 exploits Active since Nov 2023
CVE-2023-38317 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38318 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38319 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38321 WRITEUP HIGH WRITEUP
Sierra Wireless ALEOS <4.17.0.12 - DoS
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.
CVSS 7.5
CVE-2023-38323 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38324 WRITEUP MEDIUM WRITEUP
OpenNDS Captive Portal < 10.1.2 - Authentication Bypass via Default FAS Key
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
CVSS 5.3
CVE-2024-24262 WRITEUP HIGH WRITEUP
ireader media-server 1.0.0 - Use-After-Free via sip_uac_stop_timer
media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.
CVSS 7.5
CVE-2024-24263 WRITEUP HIGH WRITEUP
Lotos WebServer v0.1.1 - Use-After-Free in response_append_status_line
Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c.
CVSS 7.5
CVE-2024-25763 WRITEUP MEDIUM WRITEUP
openNDs 10.2.0 - Use-After-Free in auth.c
openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c.
CVSS 5.5
CVE-2024-25767 WRITEUP MEDIUM WRITEUP
nanomq 0.21.2 - Use-After-Free in socket.c
nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.
CVSS 6.5
CVE-2024-25768 WRITEUP HIGH WRITEUP
OpenDMARC 1.4.2 - NULL Pointer Dereference in opendmarc_policy.c
OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c.
CVSS 7.5
CVE-2024-25770 WRITEUP MEDIUM WRITEUP
libming 0.4.8 - Memory Leak in listaction.c
libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.
CVSS 4.3
CVE-2024-26455 WRITEUP HIGH WRITEUP
fluent-bit 2.2.2 - Use-After-Free in calyptia.c
fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.
CVSS 7.5
CVE-2024-26458 WRITEUP MEDIUM WRITEUP
MIT Kerberos 5 1.21.2 - Memory Leak in PMAP_RMT
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
CVSS 5.3
CVE-2024-26461 WRITEUP HIGH WRITEUP
MIT Kerberos 5 1.21.2 - Memory Leak in k5sealv3.c
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
CVSS 7.5
CVE-2024-26462 WRITEUP MEDIUM WRITEUP
MIT Kerberos 5 1.21.2 - Memory Leak in NDR Component
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
CVSS 5.5
CVE-2024-27507 WRITEUP HIGH WRITEUP
libLAS 1.8.1 - Use-After-Free in ts2las.cpp
libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.
CVSS 7.5
CVE-2024-27508 WRITEUP HIGH WRITEUP
atheme 7.2.12 - Memory Leak in crypto-benchmark main.c
Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.
CVSS 7.5