Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.22 views

Fedora 40 : tinyxml (2024-763ac380b6)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-763ac380b6 advisory. Automatic update for tinyxml-2.6.2-28.fc40. Changelog Wed Jan 3 2024 Dominik Mierzejewski - 2.6.2-28 - apply Debian patch to fix CVE-2021-42260...

7.5CVSS7.3AI score0.03055EPSS
Exploits1References4
OSV
OSV
added 2023/12/04 11:15 p.m.4 views

CVE-2023-40460

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

5.4CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2023/12/04 11:15 p.m.31 views

CVE-2023-40463

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

8.1CVSS0.00631EPSS
Exploits0References1
NVD
NVD
added 2023/12/04 11:15 p.m.17 views

CVE-2023-40462

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...

7.5CVSS0.00878EPSS
Exploits0References2
NVD
NVD
added 2023/12/04 11:15 p.m.23 views

CVE-2023-40460

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

7.1CVSS0.00482EPSS
Exploits0References1
Prion
Prion
added 2023/12/04 11:15 p.m.22 views

Design/Logic Flaw

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...

5CVSS7AI score0.00878EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/12/04 11:15 p.m.23 views

Design/Logic Flaw

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...

5CVSS7.2AI score0.02296EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/12/04 11:15 p.m.18 views

Design/Logic Flaw

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

4.9CVSS7.1AI score0.00482EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/04 10:53 p.m.27 views

CVE-2023-40462 Improper input leads to DoS

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...

7.5CVSS7.7AI score0.00878EPSS
Exploits0References2
CVE
CVE
added 2023/12/04 10:53 p.m.77 views

CVE-2023-40462

The CVE-2023-40462 issue affects Sierra Wireless AirLink ALEOS ACEManager (4.16 and earlier). The root cause is inadequate input sanitization during authentication, potentially enabling a DoS on ACEManager with a restart recovery within about ten seconds. The connected documents confirm the vulne...

7.5CVSS7.4AI score0.00878EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/12/04 10:52 p.m.48 views

CVE-2023-40461

CVE-2023-40461 : Stored Cross-Site Scripting in the ACEManager file upload field of Sierra Wireless AirLink ALEOS (versions 4.16 and earlier). An authenticated administrator can upload files with names that are not fully validated, enabling client-side script execution within ACEManager and affec...

8.1CVSS6AI score0.00456EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/04 10:52 p.m.23 views

CVE-2023-40461 Cross-site scripting vulnerability in ACEManager

The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition...

8.1CVSS8.2AI score0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/04 10:50 p.m.23 views

CVE-2023-40460 Improper input leads to DoS

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

7.1CVSS7.1AI score0.00482EPSS
Exploits0References1
CVE
CVE
added 2023/12/04 10:48 p.m.56 views

CVE-2023-40459

The CVE-2023-40459 issue affects the ACEManager component in Sierra Wireless ALEOS firmware 4.16 and earlier, caused by inadequate input sanitization during authentication. This can lead to a Denial of Service (DoS) against ACEManager while other router functions remain operational. The vulnerabl...

7.5CVSS7.7AI score0.02296EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/12/04 10:48 p.m.50 views

CVE-2023-40459 Improper input leads to DoS

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...

7.5CVSS7.7AI score0.02296EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.4 views

Sierra Wireless ALEOS Security Vulnerability

Sierra Wireless ALEOS AAF is a framework for creating applications in Sierra Wireless AirLink gateways from Sierra Wireless Canada. A security vulnerability exists in Sierra Wireless ALEOS 4.16 and prior versions that stems from the ACEManager component not validating input, allowing an attacker ...

7.5CVSS6.6AI score0.00878EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/08/14 12:0 a.m.5 views

PT-2023-7520 · Aleos · Aleos

Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier Description: The issue is related to the ACEManager component of the ALEOS operating system, which does not properly validate file names in a file upload field. This can lead to a Stored Cross-Site Scripting...

8.5CVSS4.8AI score0.00456EPSS
Exploits0References12
Prion
Prion
added 2023/02/10 6:15 p.m.23 views

Code injection

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page...

3.3CVSS5.9AI score0.1228EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder