Comparison Overview

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.

• https://lavender-bicycle-a5a.notion.site/Tenda_AC5_QuickIndex_PPPOEPassword-32053a41781f808dae98f99c99bcb21c?source=copy_link
• https://vuldb.com/?ctiid.353654
• https://vuldb.com/?id.353654
• https://vuldb.com/?submit.777380
• https://www.tenda.com.cn/

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.

• https://lavender-bicycle-a5a.notion.site/Tenda_AC5_addressNat_page-32053a41781f8017938dda66f0193ebd?source=copy_link
• https://vuldb.com/?ctiid.353653
• https://vuldb.com/?id.353653
• https://vuldb.com/?submit.777378
• https://www.tenda.com.cn/

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

• https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393
• https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI
• https://sourceforge.net/projects/tigervnc/files/stable/1.16.2
• https://www.openwall.com/lists/oss-security/2026/03/26/7

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementation of pongo2 within Incus allowed for file read/write but with the expectation that the pongo2 chroot feature would isolate all such access to the instance's filesystem. This was allowed such that a template could theoretically read a file and then generate a new version of said file. Unfortunately the chroot isolation mechanism is entirely skipped by pongo2 leading to easy access to the entire system's filesystem with root privileges. Version 6.23.0 patches the issue.

• https://github.com/lxc/incus/security/advisories/GHSA-83xr-5xxr-mh92

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a denial of service of the control plane API. This does not impact any running workload, existing containers and virtual machines will keep operating. Version 6.23.0 fixes the issue.

• https://github.com/lxc/incus/security/advisories/GHSA-vg76-xmhg-j5x3