Lucene search
+L

107 matches found

cve
cve
added 2021/08/13 6:16 p.m.100 views

CVE-2021-21830

AT&T Labs Xmill 0.7 contains a heap-based buffer overflow in the XML Decompression LabelDict::Load path that can be triggered by a crafted XMI file, leading to remote code execution. CVE-2021-21830 is the assigned identifier for this vulnerability, with Red Hat and CVE listings reiterating the sa...

9.8CVSS9.8AI score0.02274EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2021/08/12 12:0 a.m.6 views

AT&T Labs Xmill 缓冲区错误漏洞

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs, USA. A security vulnerability exists in AT&T Labs Xmill due to a boundary error in the xml parsing ParseAttribs function. A remote attacker could exploit the vulnerability could send a specially crafted XML file,...

9.8CVSS8.5AI score0.01136EPSS
Exploits1References5
cnnvd
cnnvd
added 2021/08/12 12:0 a.m.7 views

AT&T Labs Xmill 缓冲区错误漏洞

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs, USA. A buffer error vulnerability exists in AT&T Labs Xmill due to a boundary error in the command line parsing HandleFileArg function in memcpy. A local user can use a specially crafted command line argument to...

7.8CVSS8.3AI score0.00333EPSS
Exploits1References5
cnnvd
cnnvd
added 2021/08/12 12:0 a.m.4 views

AT&T Labs Xmill 参数注入漏洞

AT&T Labs Xmill is a new tool for efficient compression of XML data from AT&T Labs, USA. AT&T Labs Xmill suffers from a parameter injection vulnerability that exists due to a boundary error in the command line parsing HandleFileArg function in strlen. A local user can use a specially crafted...

7.8CVSS8.1AI score0.00344EPSS
Exploits1References5
cnnvd
cnnvd
added 2021/08/12 12:0 a.m.5 views

AT&T Labs Xmill 缓冲区错误漏洞

Xmill is an efficient compressor of XML data. a stack buffer overflow vulnerability exists in the command line parsing HandleFileArg function in Xmill version 0.7. An attacker could exploit the vulnerability by providing malicious input via the filepattern parameter to cause a denial of service...

7.8CVSS6AI score0.00333EPSS
Exploits1References5
talos
talos
added 2021/08/11 12:0 a.m.47 views

AT&T Labs Xmill XML parsing CreateLabelOrAttrib memory corruption vulnerability

Summary A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0...

9.8CVSS9.1AI score0.01136EPSS
Exploits1
cnnvd
cnnvd
added 2021/08/11 12:0 a.m.7 views

AT&T Labs Xmill 数字错误漏洞

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs. A numeric error vulnerability exists in AT&T Labs Xmill that stems from a memory corruption vulnerability in the parsing CreateLabelOrAttrib function. A specially crafted XML file could result in a heap buffer...

9.8CVSS8.2AI score0.01136EPSS
Exploits1References5
talosblog
talosblog
added 2021/08/10 10:22 a.m.20 views

Vulnerability Spotlight: Multiple vulnerabilities in AT&T Labs’ Xmill utility

Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in AT&T Labs’ Xmill utility. An attacker could take advantage of these issues to carry out a variety of malicious actions, including corrupting the... This is...

0.7AI score
Exploits0
talos
talos
added 2021/08/10 12:0 a.m.66 views

AT&T Labs Xmill XML decompression DecodeTreeBlock multiple heap-based buffer overflow vulnerabilities

Summary Multiple heap-based buffer overflow vulnerabilities exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. A specially crafted XMI File can lead to remote code execution. An attacker can provide a malicious file to trigger these vulnerabilities. Tested...

8.7AI score
Exploits0
cnnvd
cnnvd
added 2021/08/10 12:0 a.m.5 views

AT&T Labs Xmill 缓冲区错误漏洞

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs, USA. A security vulnerability exists in the XML Decompression DecodeTreeBlock feature of AT&T Labs Xmill 0.7, which allows an attacker to supply a specially crafted XMI file leading to remote code execution...

9.8CVSS8.2AI score0.01136EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2021/08/10 12:0 a.m.4 views

PT-2021-7815 · Xmill · Xmill

Name of the Vulnerable Software and Affected Versions: Xmill version 0.7 Description: The issue is related to a heap-based buffer overflow error in the PlainTextUncompressor::UncompressItem function when handling XML files. This can be exploited by a remote attacker to execute arbitrary code by...

10CVSS8.7AI score0.02274EPSS
Exploits1References12
ptsecurity
ptsecurity
added 2021/08/10 12:0 a.m.6 views

PT-2021-7820 · At&T · At&T Labs Xmill

Name of the Vulnerable Software and Affected Versions: AT&T Labs Xmill version 0.7 Description: A heap-based buffer overflow issue exists in the XML Decompression DecodeTreeBlock functionality. Within DecodeTreeBlock, which is called during the decompression of an XMI file, a UINT32 is loaded fro...

9.8CVSS8.6AI score0.01136EPSS
Exploits1References13
talos
talos
added 2021/08/10 12:0 a.m.50 views

AT&T Labs Xmill XML decompression EnumerationUncompressor::UncompressItem heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.3AI score0.02545EPSS
Exploits1
ptsecurity
ptsecurity
added 2021/08/10 12:0 a.m.5 views

PT-2021-7823 · Xmill · Xmill

Name of the Vulnerable Software and Affected Versions: Xmill affected versions not specified Description: The issue is related to a memory boundary error in the HandleFileArg function of the Xmill XML compression tool when processing an XML file. This can be exploited by a local attacker to execu...

7.8CVSS7.9AI score0.00333EPSS
Exploits1References7
cnnvd
cnnvd
added 2021/08/10 12:0 a.m.8 views

AT&T Labs Xmill 缓冲区错误漏洞

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs, USA. A security vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem function in AT&T Labs Xmill version 0.7. An attacker could exploit the vulnerability to remotely execute code...

9.8CVSS7.8AI score0.02274EPSS
Exploits1References4
talos
talos
added 2021/08/10 12:0 a.m.55 views

AT&T Labs Xmill XML decompression PlainTextUncompressor::UncompressItem heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.2AI score0.02274EPSS
Exploits1
cnnvd
cnnvd
added 2021/08/10 12:0 a.m.7 views

AT&T Labs Xmill 缓冲区错误漏洞

AT&T Labs Xmill is a new tool for efficient compression of XML data from AT&T Labs, USA. A security vulnerability exists in the XML Decompression LabelDict::Load function in AT&T Labs Xmill version 0.7. An attacker could exploit the vulnerability to remotely execute code...

9.8CVSS7.8AI score0.02274EPSS
Exploits1References6
talos
talos
added 2021/08/10 12:0 a.m.42 views

AT&T Labs Xmill XML decompression LabelDict::Load heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T La...

9.8CVSS9.1AI score0.02274EPSS
Exploits1
cnnvd
cnnvd
added 2021/08/10 12:0 a.m.6 views

AT&T Labs Xmill 缓冲区错误漏洞

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs, USA. A security vulnerability exists in the XML Decompression DecodeTreeBlock feature of AT&T Labs Xmill 0.7, which allows an attacker to supply a specially crafted XMI file leading to remote code execution...

9.8CVSS8.2AI score0.01136EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2021/08/10 12:0 a.m.6 views

PT-2021-7814 · Xmill · Xmill

Name of the Vulnerable Software and Affected Versions: Xmill version 0.7 Description: A memory corruption issue exists in the XML-parsing CreateLabelOrAttrib functionality. This can be triggered by a specially crafted XML file, leading to a heap buffer overflow. An attacker can exploit this by...

10CVSS8.6AI score0.01136EPSS
Exploits1References10
Rows per page
Query Builder