Vulnerabilities > Sierrawireless > Aleos > 4.12.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-10 | CVE-2022-46650 | Information Exposure vulnerability in Sierrawireless Aleos Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. | 4.9 |
| 2022-12-26 | CVE-2019-11851 | Classic Buffer Overflow vulnerability in Sierrawireless Aleos The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow. | 9.8 |
| 2020-10-06 | CVE-2020-8782 | Unspecified vulnerability in Sierrawireless Aleos Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. | 9.8 |
| 2020-10-06 | CVE-2020-8781 | Unspecified vulnerability in Sierrawireless Aleos Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. | 7.8 |
| 2020-08-21 | CVE-2019-11852 | Out-of-bounds Read vulnerability in Sierrawireless Aleos An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. | 9.1 |
| 2020-08-21 | CVE-2019-11848 | Out-of-bounds Write vulnerability in Sierrawireless Aleos An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values. | 7.2 |