LuMingYinDetect

18 exploits Active since Nov 2023
CVE-2023-38317 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38318 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38319 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38321 WRITEUP HIGH WRITEUP
Sierra Wireless ALEOS <4.17.0.12 - DoS
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.
CVSS 7.5
CVE-2023-38323 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38324 WRITEUP MEDIUM WRITEUP
OpenNDS <10.1.2 - Auth Bypass
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
CVSS 5.3
CVE-2024-24262 WRITEUP HIGH WRITEUP
Ireader Media-server - Use After Free
media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.
CVSS 7.5
CVE-2024-24263 WRITEUP HIGH WRITEUP
Chendotjs Lotos Webserver - Use After Free
Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c.
CVSS 7.5
CVE-2024-25763 WRITEUP MEDIUM WRITEUP
Opennds - Use After Free
openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c.
CVSS 5.5
CVE-2024-25767 WRITEUP MEDIUM WRITEUP
Emqx Nanomq - Use After Free
nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.
CVSS 6.5
CVE-2024-25768 WRITEUP HIGH WRITEUP
Trusteddomain Opendmarc - NULL Pointer Dereference
OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c.
CVSS 7.5
CVE-2024-25770 WRITEUP MEDIUM WRITEUP
Libming - Memory Leak
libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.
CVSS 4.3
CVE-2024-26455 WRITEUP HIGH WRITEUP
Treasuredata Fluent Bit - Use After Free
fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.
CVSS 7.5
CVE-2024-26458 WRITEUP MEDIUM WRITEUP
MIT Kerberos 5 - Memory Leak
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
CVSS 5.3
CVE-2024-26461 WRITEUP HIGH WRITEUP
MIT Kerberos 5 - Resource Allocation Without Limits
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
CVSS 7.5
CVE-2024-26462 WRITEUP MEDIUM WRITEUP
MIT Kerberos 5 - Memory Leak
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
CVSS 5.5
CVE-2024-27507 WRITEUP HIGH WRITEUP
libLAS 1.8.1 - Memory Corruption
libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.
CVSS 7.5
CVE-2024-27508 WRITEUP HIGH WRITEUP
Atheme 7.2.12 - Memory Corruption
Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.
CVSS 7.5