opennds (Ubuntu:24.10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Ubuntu:24.10 package opennds, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2023-38319 — CVSS 9.8 (critical): An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that…
CVE-2023-41101 — CVSS 9.8 (critical): An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length…
CVE-2023-38316 — CVSS 9.8 (critical): An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can…
CVE-2023-38317 — CVSS 9.8 (critical): An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing…
CVE-2023-38323 — CVSS 9.8 (critical): An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing…
CVE-2023-38318 — CVSS 9.8 (critical): An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers…
CVE-2023-41102 — CVSS 7.5 (high): An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up…
CVE-2023-38315 — CVSS 7.5 (high): An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be…
CVE-2023-38320 — CVSS 7.5 (high): An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be…
CVE-2023-38321 — CVSS 7.5 (high): OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL…
CVE-2023-38322 — CVSS 7.5 (high): An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered…
CVE-2023-38313 — CVSS 7.5 (high): An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a…
CVE-2023-38314 — CVSS 6.5 (medium): An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can…