EUVD-2023-45029

Malicious code in bioql PyPI...

CVE-2020-8781

Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process...

CVE-2023-40463 Use of Hard-Coded Credentials

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

Sierra Wireless ALEOS Security Vulnerability

Sierra Wireless ALEOS AAF is Sierra Wireless Canada's framework for creating applications in Sierra Wireless AirLink gateways. A security vulnerability exists in Sierra Wireless ALEOS 4.16 and prior versions that stems from the presence of an infinite loop, which allows an attacker to trigger a...

PT-2023-7456 · Aleos · Aleos

Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16.0 and earlier Description: The issue is related to an open-source third-party component in ALEOS that can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal...

Sierra Wireless ALEOS Code Execution Vulnerability

Sierra Wireless ALEOS AAF is Sierra Wireless Canada's framework for creating applications in Sierra Wireless AirLink gateways. ALEOS versions 4.4.9, 4.9.5, and prior to 4.14.0 have a security vulnerability that originates from an unauthenticated RPC server allowing remote code execution. No...

Remote code execution

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution...

ALEOS Stack Overflow Vulnerability

ALEOS is an integrated development environment for building customized embedded M2M applications. A stack overflow vulnerability exists in the AT command interface in ALEOS versions prior to 4.11.0, which can be exploited by an attacker to execute code...

ALEOS Information Disclosure Vulnerability

ALEOS is an integrated development environment for building customized embedded M2M applications. An information disclosure vulnerability exists in ALEOS versions prior to 4.12.0, 4.9.5, and 4.4.9, which stems from a lack of input validation in ALEOS' AceManager, and can be exploited by an attack...

ALEOS Command Injection Vulnerability

ALEOS is an integrated development environment for building customized embedded M2M applications. A command injection vulnerability exists in the AT command interface in ALEOS versions prior to 4.11.0, 4.9.4, and no detailed vulnerability details are available at this time...

CVE-2019-11847

An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell...

Sierra Wireless ALEOS Administrator Access Gain Vulnerability

Founded in 1993 in Canada, Sierra Wireless provides hardware, software, and services in the wireless marketplace, delivering innovative, reliable, and high-performance solutions to its customers.ALEOS is the application framework... A security vulnerability in Sierra Wireless ALEOS versions prior...