18 matches found
Fedora 40 : tinyxml (2024-763ac380b6)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-763ac380b6 advisory. Automatic update for tinyxml-2.6.2-28.fc40. Changelog Wed Jan 3 2024 Dominik Mierzejewski - 2.6.2-28 - apply Debian patch to fix CVE-2021-42260...
CVE-2023-40460
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...
CVE-2023-40463
When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...
CVE-2023-40462
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...
CVE-2023-40460
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...
Design/Logic Flaw
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...
Design/Logic Flaw
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...
Design/Logic Flaw
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...
CVE-2023-40462 Improper input leads to DoS
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...
CVE-2023-40462
The CVE-2023-40462 issue affects Sierra Wireless AirLink ALEOS ACEManager (4.16 and earlier). The root cause is inadequate input sanitization during authentication, potentially enabling a DoS on ACEManager with a restart recovery within about ten seconds. The connected documents confirm the vulne...
CVE-2023-40461
CVE-2023-40461 : Stored Cross-Site Scripting in the ACEManager file upload field of Sierra Wireless AirLink ALEOS (versions 4.16 and earlier). An authenticated administrator can upload files with names that are not fully validated, enabling client-side script execution within ACEManager and affec...
CVE-2023-40461 Cross-site scripting vulnerability in ACEManager
The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition...
CVE-2023-40460 Improper input leads to DoS
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...
CVE-2023-40459
The CVE-2023-40459 issue affects the ACEManager component in Sierra Wireless ALEOS firmware 4.16 and earlier, caused by inadequate input sanitization during authentication. This can lead to a Denial of Service (DoS) against ACEManager while other router functions remain operational. The vulnerabl...
CVE-2023-40459 Improper input leads to DoS
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...
Sierra Wireless ALEOS Security Vulnerability
Sierra Wireless ALEOS AAF is a framework for creating applications in Sierra Wireless AirLink gateways from Sierra Wireless Canada. A security vulnerability exists in Sierra Wireless ALEOS 4.16 and prior versions that stems from the ACEManager component not validating input, allowing an attacker ...
PT-2023-7520 · Aleos · Aleos
Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier Description: The issue is related to the ACEManager component of the ALEOS operating system, which does not properly validate file names in a file upload field. This can lead to a Stored Cross-Site Scripting...
Code injection
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page...