CVSS: 9.0EPSS: 0%CPEs: 52EXPL: 0CVE-2023-39544
https://notcve.org/view.php?id=CVE-2023-39544
17 Nov 2023 — CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. CLUSTERPRO X Ver5.1 y anteriores y EXPRESSCLUSTER X 5.1 y anteriores, CLUSTERPRO X SingleServerSafe 5.0 y anteriores, EXPRESSCLUSTER X SingleServerSafe 5.0 y anteriores permiten que un atacante inicie sesión en el producto y pueda ejecutar un comando arbitrario. • https://jpn.nec.com/security-info/secinfo/nv23-009_en.html • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2023-39341
https://notcve.org/view.php?id=CVE-2023-39341
09 Aug 2023 — "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by F... • https://jvn.jp/en/jp/JVN42527152 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.3EPSS: 0%CPEs: 34EXPL: 0CVE-2023-3333
https://notcve.org/view.php?id=CVE-2023-3333
28 Jun 2023 — Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. Improper Neutralization of Special Elements used in an OS Co... • https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.8EPSS: 0%CPEs: 34EXPL: 0CVE-2023-3332
https://notcve.org/view.php?id=CVE-2023-3332
28 Jun 2023 — Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corpora... • https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2023-3331
https://notcve.org/view.php?id=CVE-2023-3331
28 Jun 2023 — Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete specific files in the product. Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600... • https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2023-3330
https://notcve.org/view.php?id=CVE-2023-3330
28 Jun 2023 — Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product. Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP,... • https://jpn.nec.com/security-info/secinfo/nv23-007_en.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25011
https://notcve.org/view.php?id=CVE-2023-25011
15 Feb 2023 — PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges. • https://jpn.nec.com/security-info/secinfo/nv23-001_en.html • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 0CVE-2022-34822
https://notcve.org/view.php?id=CVE-2022-34822
08 Nov 2022 — Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. Vulnerabilidad de path traversal en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y versiones ante... • https://jpn.nec.com/security-info/secinfo/nv22-014_en.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 0CVE-2022-34823
https://notcve.org/view.php?id=CVE-2022-34823
08 Nov 2022 — Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. Vulnerabilidad de desbordamiento de búfer en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESSCLUSTER X 5.0 para Windows y vers... • https://jpn.nec.com/security-info/secinfo/nv22-014_en.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2022-34824
https://notcve.org/view.php?id=CVE-2022-34824
08 Nov 2022 — Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. Vulnerabilidad de permisos débiles de archivos y carpetas en CLUSTERPRO X 5.0 para Windows y versiones anteriores, EXPRESS... • https://jpn.nec.com/security-info/secinfo/nv22-014_en.html • CWE-276: Incorrect Default Permissions •