Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: perl538Packages.WebServiceValidatorHTMLW3C

Found 4 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-4007
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 week, 2 days ago
Tenda W3 POST Parameter wifiSSIDget stack-based overflow

A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.

References

Affected products

W3
  • ==1.0.0.3(2204)

Matching in nixpkgs

Untriaged
Permalink CVE-2026-4008
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 week, 2 days ago
Tenda W3 POST Parameter wifiSSIDset stack-based overflow

A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

References

Affected products

W3
  • ==1.0.0.3(2204)

Matching in nixpkgs

Untriaged
Permalink CVE-2024-7202
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Simopro Technology WinMatrix3 Web package - SQL Injection

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

References

Affected products

Web
  • =<1.2.35.3
winmatrix3
  • =<1.2.35.3

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2024-7201
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Simopro Technology WinMatrix3 Web package - SQL Injection

The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.

References

Affected products

Web
  • =<1.2.33.3
winmatrix3
  • =<1.2.33.3

Matching in nixpkgs

Package maintainers