CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20707
https://notcve.org/view.php?id=CVE-2021-20707
02 Nov 2021 — Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network.. Una vulnerabilidad de validación de entrada inadecuada en el Servidor de Transacciones CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTER... • https://jpn.nec.com/security-info/secinfo/nv21-015_en.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-20703
https://notcve.org/view.php?id=CVE-2021-20703
02 Nov 2021 — Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network. La vulnerabilidad de desbordamiento del búfer en el Servidor de Transacciones CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 Sing... • https://jpn.nec.com/security-info/secinfo/nv21-015_en.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-20701
https://notcve.org/view.php?id=CVE-2021-20701
02 Nov 2021 — Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network. La vulnerabilidad de desbordamiento del búfer en el Agente de Disco CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para ... • https://jpn.nec.com/security-info/secinfo/nv21-015_en.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20706
https://notcve.org/view.php?id=CVE-2021-20706
02 Nov 2021 — Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network. Una vulnerabilidad de validación de entrada inadecuada en el WebManager CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerS... • https://jpn.nec.com/security-info/secinfo/nv21-015_en.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-20704
https://notcve.org/view.php?id=CVE-2021-20704
02 Nov 2021 — Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network. La vulnerabilidad de desbordamiento del búfer en la API compatible con las versiones anteriores CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Window... • https://jpn.nec.com/security-info/secinfo/nv21-015_en.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-20702
https://notcve.org/view.php?id=CVE-2021-20702
02 Nov 2021 — Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network. La vulnerabilidad de desbordamiento del búfer en el Servidor de Transacciones CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 Sing... • https://jpn.nec.com/security-info/secinfo/nv21-015_en.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-20700
https://notcve.org/view.php?id=CVE-2021-20700
02 Nov 2021 — Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network. La vulnerabilidad de desbordamiento de búfer en el Agente de Disco CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para W... • https://jpn.nec.com/security-info/secinfo/nv21-015_en.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 14%CPEs: 2EXPL: 0CVE-2020-17408 – NEC ExpressCluster ApplyConfig XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-17408
08 Sep 2020 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this ... • https://www.support.nec.co.jp/en/View.aspx?id=9510100319 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1145
https://notcve.org/view.php?id=CVE-2016-1145
30 Jan 2016 — Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en WebManager en NEC EXPRESSCLUSTER X hasta la versión 3.3 11.31 en Windows y hasta la versión 3.3 3.3.1-1 en Linux y Solaris permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://jpn.nec.com/security-info/secinfo/nv16-001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •