CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

ATT : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-21830 91 Exec Code Overflow 2021-08-13 2021-08-26
7.5
None Remote Low Not required Partial Partial Partial
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
2 CVE-2021-21829 91 Exec Code Overflow 2021-08-13 2021-08-26
7.5
None Remote Low Not required Partial Partial Partial
A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
3 CVE-2021-21828 787 Overflow 2021-08-20 2021-08-26
7.5
None Remote Low Not required Partial Partial Partial
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file to trigger this vulnerability.
4 CVE-2021-21827 787 Overflow 2021-08-20 2021-08-26
7.5
None Remote Low Not required Partial Partial Partial
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.
5 CVE-2021-21826 787 Overflow 2021-08-20 2021-08-26
7.5
None Remote Low Not required Partial Partial Partial
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.
6 CVE-2021-21825 787 Exec Code Overflow 2021-08-18 2021-08-26
7.5
None Remote Low Not required Partial Partial Partial
A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
7 CVE-2021-21815 787 Overflow 2021-08-13 2021-08-26
4.6
None Local Low Not required Partial Partial Partial
A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger this vulnerability.
8 CVE-2021-21814 88 2021-08-13 2021-11-18
4.6
None Local Low Not required Partial Partial Partial
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed in char* is longer than the staticly sized buffer data is memcpy‘d into, but after the memcpy a null byte is written to what is assumed to be the end of the buffer to terminate the char*, but without length checks, this null write occurs at an arbitrary offset from the buffer. An attacker can provide malicious input to trigger this vulnerability.
9 CVE-2021-21813 787 Overflow 2021-08-13 2021-11-18
4.6
None Local Low Not required Partial Partial Partial
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow.
10 CVE-2021-21812 787 Overflow 2021-08-13 2021-08-26
4.6
None Local Low Not required Partial Partial Partial
A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.
11 CVE-2021-21811 772 Overflow Mem. Corr. 2021-08-31 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
12 CVE-2021-21810 787 Overflow Mem. Corr. 2021-08-17 2021-08-25
7.5
None Remote Low Not required Partial Partial Partial
A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
13 CVE-2020-22650 401 DoS 2021-07-19 2021-07-29
5.0
None Remote Low Not required None None Partial
A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events.
14 CVE-2013-7286 326 2020-02-12 2021-07-28
5.0
None Remote Low Not required Partial None None
MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm
15 CVE-2013-6029 119 Exec Code Overflow 2013-12-04 2016-12-31
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file.
16 CVE-2012-2980 255 +Info 2012-08-21 2012-08-21
7.1
None Remote Medium Not required Complete None None
The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.
17 CVE-2002-1511 2003-03-03 2008-09-10
5.0
None Remote Low Not required Partial None None
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
18 CVE-2002-0971 Exec Code Bypass 2002-09-24 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box.
19 CVE-2001-1422 Bypass 2001-01-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
20 CVE-2001-0168 Exec Code Overflow 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.
21 CVE-2001-0167 Exec Code Overflow 2001-05-03 2017-12-19
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.
22 CVE-2000-1164 2001-01-09 2017-10-10
9.0
None Remote Low ??? Complete Complete Complete
WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.
23 CVE-1999-1059 Exec Code 1992-02-25 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
24 CVE-1999-1034 +Priv 1991-05-23 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.
Total number of vulnerabilities : 24   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.