CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21812
https://notcve.org/view.php?id=CVE-2021-21812
13 Aug 2021 — A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. Se prese... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-21829
https://notcve.org/view.php?id=CVE-2021-21829
13 Aug 2021 — A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en la funcionalidad XML Decompression EnumerationUncompressor::UncompressItem de Xmill versión 0.7 de AT&T Labs. Un archivo XMI ... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1292 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-21830
https://notcve.org/view.php?id=CVE-2021-21830
13 Aug 2021 — A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en la funcionalidad XML Decompression LabelDict::Load de Xmill versión 0.7 de AT&T Labs. Un archivo XMI especialmente diseñado puede conllevar a una eje... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1293 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-22650
https://notcve.org/view.php?id=CVE-2020-22650
19 Jul 2021 — A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events. Una vulnerabilidad de pérdida de memoria en el archivo sim-organizer.c de AlienVault Ossim versión v5, causa una denegación de servicio (DOS) por medio de un fallo del sistema desencadenado por la aparición de un gran número de eventos de alarma • https://github.com/jpalanco/alienvault-ossim/issues/4 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 1CVE-2017-14116
https://notcve.org/view.php?id=CVE-2017-14116
03 Sep 2017 — The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. El firmware ATT U-verse 9.2.2h0d83 para el dispositivo Arris NVG599, cuando el modo IP Passthrough no está en uso, configura el acceso WAN a un s... • http://www.securityfocus.com/bid/100585 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.9EPSS: 31%CPEs: 3EXPL: 1CVE-2017-14117
https://notcve.org/view.php?id=CVE-2017-14117
03 Sep 2017 — The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. El firmware ATT U-verse 9.2.2h0d83 para los dispositivos Arris NVG589 and NVG599, cuando el modo IP Passthrough no está en uso, configura un servicio de proxy sin autenticar en el ... • http://www.securityfocus.com/bid/100585 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 4%CPEs: 3EXPL: 1CVE-2017-14115
https://notcve.org/view.php?id=CVE-2017-14115
03 Sep 2017 — The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. El firmware ATT U-verse 9.2.2h0d83 para dispositivos Arris NVG589 y N... • http://www.securityfocus.com/bid/100585 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.1EPSS: 1%CPEs: 3EXPL: 1CVE-2017-10793
https://notcve.org/view.php?id=CVE-2017-10793
03 Sep 2017 — The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports. El firmware ATT U-verse 9.2.2h0d83... • http://www.securityfocus.com/bid/100585 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2013-7286 – MobileIron VSP / Sentry Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-7286
02 Apr 2014 — MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm MobileIron VSP versiones anteriores a 5.9.1 y Sentry versiones anteriores a 5.0, poseen un algoritmo débil de ofuscación de contraseña. MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 suffer from password obfuscation and XPath injection vulnerabilities. • https://packetstorm.news/files/id/125990 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 2%CPEs: 8EXPL: 0CVE-2013-6029
https://notcve.org/view.php?id=CVE-2013-6029
04 Dec 2013 — Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file. Desbordamiento de búfer en AT T Connect Participant Application anterior a 9.5.51 sobre Windows permite a atacantes remotos ejecutar código de su elección a través de un archivo SVT mal formado. • http://www.kb.cert.org/vuls/id/346278 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •