CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20702
https://notcve.org/view.php?id=CVE-2021-20702
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network. La vulnerabilidad de desbordamiento del búfer en el Servidor de Transacciones CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante la ejecución remota de código a través de una red • https://jpn.nec.com/security-info/secinfo/nv21-015_en.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20700
https://notcve.org/view.php?id=CVE-2021-20700
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network. La vulnerabilidad de desbordamiento de búfer en el Agente de Disco CLUSTERPRO X 4.3 para Windows y anteriores, EXPRESSCLUSTER X 4.3 para Windows y anteriores, CLUSTERPRO X 4.3 SingleServerSafe para Windows y anteriores, EXPRESSCLUSTER X 4.3 SingleServerSafe para Windows y anteriores permite a un atacante la ejecución remota de código a través de una red • https://jpn.nec.com/security-info/secinfo/nv21-015_en.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 0CVE-2020-17408 – NEC ExpressCluster ApplyConfig XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-17408
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://www.support.nec.co.jp/en/View.aspx?id=9510100319 https://www.zerodayinitiative.com/advisories/ZDI-20-1102 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1145
https://notcve.org/view.php?id=CVE-2016-1145
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en WebManager en NEC EXPRESSCLUSTER X hasta la versión 3.3 11.31 en Windows y hasta la versión 3.3 3.3.1-1 en Linux y Solaris permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://jpn.nec.com/security-info/secinfo/nv16-001.html http://jvn.jp/en/jp/JVN03050861/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •