CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2019-18780
https://notcve.org/view.php?id=CVE-2019-18780
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows. Una vulnerabilidad de inyección de comandos arbitraria en el componente Cluster Server de Veritas InfoScale, permite a un atacante remoto no autenticado ejecutar comandos arbitrarios como root o administrador. Estos productos de Veritas están afectados: Access versión 7.4.2 y anteriores, Access Appliance versión 7.4.2 y anteriores, Flex Appliance versión 1.2 y anteriores, InfoScale versión 7.3.1 y anteriores, InfoScale versiones entre 7.4.0 y 7.4.1, Veritas Cluster Server (VCS) versión 6.2.1 y anteriores en Linux/UNIX, Veritas Cluster Server (VCS) versión 6.1 y anteriores en Windows, Storage Foundation HA (SFHA) versión 6.2.1 y anteriores en Linux/UNIX y Storage Foundation HA (SFHA) versión 6.1 y anteriores en Windows. • https://www.veritas.com/content/support/en_US/security/VTS19-003 https://www.veritas.com/content/support/en_US/security/VTS19-004 https://www.veritas.com/content/support/en_US/security/VTS19-005 https://www.veritas.com/content/support/en_US/security/VTS19-006 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 2CVE-2005-3566 – Veritas Storage Foundation 4.0 - VCSI18N_LANG Local Overflow
https://notcve.org/view.php?id=CVE-2005-3566
Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew. • https://www.exploit-db.com/exploits/1316 http://marc.info/?l=bugtraq&m=113199516516880&w=2 http://osvdb.org/20673 http://secunia.com/advisories/17502 http://securityreason.com/securityalert/174 http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08a.html http://securitytracker.com/id?1015169 http://www.securityfocus.com/bid/15349 http://www.vupen.com/english/advisories/2005/2350 https://exchange.xforce.ibmcloud.com/vulnerabilities/22986 •
CVSS: 7.2EPSS: 0%CPEs: 56EXPL: 0CVE-2004-2205
https://notcve.org/view.php?id=CVE-2004-2205
Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors. • http://secunia.com/advisories/12833 http://securitytracker.com/id?1011693 http://seer.support.veritas.com/docs/271040.htm http://www.osvdb.org/10757 http://www.securityfocus.com/bid/11421 https://exchange.xforce.ibmcloud.com/vulnerabilities/17719 •