Lucene search

K

Airlink Mp At&T Security Vulnerabilities - February

cve
cve

CVE-2013-2819

The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.

7AI Score

0.005EPSS

2014-01-15 04:08 PM
26
cve
cve

CVE-2013-2820

The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.

7AI Score

0.005EPSS

2014-01-15 04:08 PM
37
cve
cve

CVE-2021-21810

A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS

9.5AI Score

0.003EPSS

2021-08-17 08:15 PM
29
cve
cve

CVE-2021-21811

A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS

9.5AI Score

0.003EPSS

2021-08-31 05:15 PM
33
2
cve
cve

CVE-2021-21812

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcp...

7.8CVSS

7.9AI Score

0.001EPSS

2021-08-13 11:15 PM
86
6
cve
cve

CVE-2021-21813

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow.

7.8CVSS

7.8AI Score

0.0005EPSS

2021-08-13 11:15 PM
95
3
cve
cve

CVE-2021-21814

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed in char* is longer th...

7.8CVSS

7.8AI Score

0.0005EPSS

2021-08-13 11:15 PM
79
3
cve
cve

CVE-2021-21815

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcp...

7.8CVSS

7.9AI Score

0.001EPSS

2021-08-13 11:15 PM
77
5
cve
cve

CVE-2021-21825

A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS

9.8AI Score

0.006EPSS

2021-08-18 01:15 PM
36
4
cve
cve

CVE-2021-21826

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An a...

9.8CVSS

9.5AI Score

0.003EPSS

2021-08-20 10:15 PM
42
6
cve
cve

CVE-2021-21827

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An a...

9.8CVSS

9.6AI Score

0.003EPSS

2021-08-20 10:15 PM
36
8
cve
cve

CVE-2021-21828

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file ...

9.8CVSS

9.5AI Score

0.003EPSS

2021-08-20 10:15 PM
37
5
cve
cve

CVE-2021-21829

A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS

9.8AI Score

0.006EPSS

2021-08-13 07:15 PM
77
7
cve
cve

CVE-2021-21830

A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS

9.8AI Score

0.006EPSS

2021-08-13 07:15 PM
71
7