Vulnerabilities > ATT > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-13 CVE-2021-21812 Out-of-bounds Write vulnerability in ATT Xmill 0.7
A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7.
local
low complexity
att CWE-787
4.6
2021-08-13 CVE-2021-21815 Out-of-bounds Write vulnerability in ATT Xmill 0.7
A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7.
local
low complexity
att CWE-787
4.6
2021-07-19 CVE-2020-22650 Memory Leak vulnerability in ATT Alienvault Ossim 5.0
A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events.
network
low complexity
att CWE-401
5.0
2020-02-12 CVE-2013-7286 Inadequate Encryption Strength vulnerability in ATT products
MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm
network
low complexity
att CWE-326
5.0
2017-09-03 CVE-2017-14117 Improper Authentication vulnerability in ATT U-Verse Firmware 9.2.2H0D83
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values.
network
att arris CWE-287
4.3
2017-09-03 CVE-2017-10793 Information Exposure vulnerability in ATT U-Verse Firmware 9.2.2H0D83
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports.
network
att CWE-200
4.3
2013-12-04 CVE-2013-6029 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ATT Connect Participant Application
Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file.
network
att CWE-119
6.8
2003-03-03 CVE-2002-1511 Authentication Cookie Predictability vulnerability in TightVNC Server
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
network
low complexity
att tightvnc
5.0
2002-09-24 CVE-2002-0971 Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
local
low complexity
att tightvnc tridia
4.6