RSS   Podatności dla 'Expresscluster x'   RSS

2021-11-03
 
CVE-2021-20700

CWE-120
 

 
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network.

 
 
CVE-2021-20701

CWE-120
 

 
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network.

 
 
CVE-2021-20702

CWE-120
 

 
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network.

 
 
CVE-2021-20703

CWE-120
 

 
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network.

 
 
CVE-2021-20704

CWE-120
 

 
Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network.

 
 
CVE-2021-20705

CWE-20
 

 
Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network.

 
 
CVE-2021-20706

CWE-20
 

 
Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network.

 
 
CVE-2021-20707

CWE-20
 

 
Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to read files upload via network..

 
2020-09-10
 
CVE-2020-17408

CWE-611
 

 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801.

 
2016-01-30
 
CVE-2016-1145

 

 
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.

 


Copyright 2021, cxsecurity.com

 

Back to Top