CVSS: 8.4EPSS: 0%CPEs: 14EXPL: 0CVE-2019-11862 – ALEOS SSH Service Allows Traffic Proxying
https://notcve.org/view.php?id=CVE-2019-11862
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. El servicio SSH en ALEOS versiones anteriores a 4.12.0, 4.9.5, 4.4.9, permite un proxy del tráfico. • https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-004 •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2019-11858 – ALEOS Multiple Web UI vulnerabilities
https://notcve.org/view.php?id=CVE-2019-11858
Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Se presentan múltiples vulnerabilidades de desbordamiento del búfer en la AceManager Web API de ALEOS versiones anteriores a 4.13.0, 4.9.5 y 4.4.9. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2019-11853 – ALEOS AT Command Injections
https://notcve.org/view.php?id=CVE-2019-11853
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. Se presentan varias vulnerabilidades potenciales de inyecciones de comandos en la interfaz de comandos AT de ALEOS versiones anteriores a 4.11.0 y 4.9.4. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 15EXPL: 0CVE-2019-11859 – ALEOS SMS Handler Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-11859
A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. Se presenta un desbordamiento del búfer en la API del manejador de SMS de ALEOS versiones anteriores a 4.13.0, 4.9.5, 4.9.4, que puede permitir una ejecución de código como root. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 0CVE-2019-11857 – ALEOS AceManager Information Disclosure
https://notcve.org/view.php?id=CVE-2019-11857
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information. Una falta de saneamiento de entrada en AceManager de ALEOS versiones anteriores a 4.12.0, 4.9.5 y 4.4.9, permite una divulgación de información confidencial del sistema. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-20: Improper Input Validation •