Vulnerabilities > ATT > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-14 CVE-2022-26507 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7.
network
low complexity
att schneider-electric CWE-787
critical
9.8
2021-08-13 CVE-2021-21829 Out-of-bounds Write vulnerability in ATT Xmill 0.7
A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7.
network
low complexity
att CWE-787
critical
9.8
2021-08-13 CVE-2021-21830 Out-of-bounds Write vulnerability in ATT Xmill 0.7
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7.
network
low complexity
att CWE-787
critical
9.8
2017-09-03 CVE-2017-14116 Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support.
network
att arris CWE-798
critical
9.3
2017-09-03 CVE-2017-14115 Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands.
network
att CWE-798
critical
9.3
2001-05-03 CVE-2001-0168 Buffer Overflow vulnerability in AT&T; WinVNC Server
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.
network
low complexity
att
critical
10.0
2001-01-09 CVE-2000-1164 Unspecified vulnerability in ATT Winvnc 3.3.3/3.3.3R7
WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.
network
low complexity
att
critical
9.0
1992-02-25 CVE-1999-1059 Unspecified vulnerability in ATT Svr4 4.0
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
network
low complexity
att
critical
10.0