Opennds Captive_portal
7 CVEs affecting Opennds Captive_portal. Latest disclosed: 2023-11-17. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-38316 | Critical | 9.8 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS comma… |
CVE-2023-38322 | High | 7.5 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP… |
CVE-2023-38320 | High | 7.5 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafte… |
CVE-2023-38315 | High | 7.5 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a cra… |
CVE-2023-38313 | High | 7.5 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP req… |
CVE-2023-38314 | Medium | 6.5 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a c… |
CVE-2023-38324 | Medium | 5.3 | 2023-11-17 | An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS… |