Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: perlPackages.WebServiceValidatorHTMLW3C

Found 7 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-4007
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 month ago
Tenda W3 POST Parameter wifiSSIDget stack-based overflow

A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Affected products

W3
  • ==1.0.0.3(2204)

Matching in nixpkgs

pkgs.w3m

Text-mode web browser

pkgs.Xaw3d

3D widget set based on the Athena Widget set

pkgs.revpfw3

Reverse proxy to bypass the need for port forwarding

pkgs.ilspycmd

Tool for decompiling .NET assemblies and generating portable PDBs

pkgs.libxaw3d

3D appearance variant of the X Athena Widget Set

Permalink CVE-2026-3972
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 month ago
Tenda W3 HTTP setcfm formSetCfm stack-based overflow

A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used.

Affected products

W3
  • ==1.0.0.3(2204)

Matching in nixpkgs

pkgs.w3m

Text-mode web browser

pkgs.Xaw3d

3D widget set based on the Athena Widget set

pkgs.revpfw3

Reverse proxy to bypass the need for port forwarding

pkgs.ilspycmd

Tool for decompiling .NET assemblies and generating portable PDBs

pkgs.libxaw3d

3D appearance variant of the X Athena Widget Set

Permalink CVE-2026-3973
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 month ago
Tenda W3 POST Parameter setAutoPing formSetAutoPing stack-based overflow

A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Affected products

W3
  • ==1.0.0.3(2204)

Matching in nixpkgs

pkgs.w3m

Text-mode web browser

pkgs.Xaw3d

3D widget set based on the Athena Widget set

pkgs.revpfw3

Reverse proxy to bypass the need for port forwarding

pkgs.ilspycmd

Tool for decompiling .NET assemblies and generating portable PDBs

pkgs.libxaw3d

3D appearance variant of the X Athena Widget Set

Permalink CVE-2026-3976
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 month ago
Tenda W3 POST Parameter WifiMacFilterSet formWifiMacFilterSet stack-based overflow

A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

Affected products

W3
  • ==1.0.0.3(2204)

Matching in nixpkgs

pkgs.w3m

Text-mode web browser

pkgs.Xaw3d

3D widget set based on the Athena Widget set

pkgs.revpfw3

Reverse proxy to bypass the need for port forwarding

pkgs.ilspycmd

Tool for decompiling .NET assemblies and generating portable PDBs

pkgs.libxaw3d

3D appearance variant of the X Athena Widget Set

Permalink CVE-2026-4008
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 month ago
Tenda W3 POST Parameter wifiSSIDset stack-based overflow

A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

Affected products

W3
  • ==1.0.0.3(2204)

Matching in nixpkgs

pkgs.w3m

Text-mode web browser

pkgs.Xaw3d

3D widget set based on the Athena Widget set

pkgs.revpfw3

Reverse proxy to bypass the need for port forwarding

pkgs.ilspycmd

Tool for decompiling .NET assemblies and generating portable PDBs

pkgs.libxaw3d

3D appearance variant of the X Athena Widget Set

Permalink CVE-2026-3974
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 month ago
Tenda W3 HTTP exeCommand formexeCommand stack-based overflow

A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.

Affected products

W3
  • ==1.0.0.3(2204)

Matching in nixpkgs

pkgs.w3m

Text-mode web browser

pkgs.Xaw3d

3D widget set based on the Athena Widget set

pkgs.revpfw3

Reverse proxy to bypass the need for port forwarding

pkgs.ilspycmd

Tool for decompiling .NET assemblies and generating portable PDBs

pkgs.libxaw3d

3D appearance variant of the X Athena Widget Set

Permalink CVE-2026-3975
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 month ago
Tenda W3 POST Parameter WifiMacFilterGet formWifiMacFilterGet stack-based overflow

A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Affected products

W3
  • ==1.0.0.3(2204)

Matching in nixpkgs

pkgs.w3m

Text-mode web browser

pkgs.Xaw3d

3D widget set based on the Athena Widget set

pkgs.revpfw3

Reverse proxy to bypass the need for port forwarding

pkgs.ilspycmd

Tool for decompiling .NET assemblies and generating portable PDBs

pkgs.libxaw3d

3D appearance variant of the X Athena Widget Set