MidnightBSD

Advisories for fujitsu

CVE-1999-0672 MEDIUM

Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fujitsu chocoa 1.0beta7r
CVE-2002-2212 MEDIUM

The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.2.3
isc bind 8.2
isc bind 4.9.7
isc bind 8.2.6
isc bind 8.3.2
isc bind 8.2.5
isc bind 4.9.9
isc bind 4.9.8
isc bind 8.2.7
isc bind 8.3.1
isc bind 4.9.4
isc bind 8.2.2
isc bind 4.9.2
fujitsu uxp_v *
isc bind 8.2.1
isc bind 8.2.4
isc bind 4.9.5
isc bind 8.3.3
isc bind 8.3.0
isc bind 4.9.6
isc bind 4.9.10
isc bind 4.9.3
isc bind 8.3.4
isc bind 4.9
CVE-2003-1528 HIGH

nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
fujitsu siemens_networker 6.0
CVE-2006-2240 MEDIUM

Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fujitsu netshelter_fw-l *
fujitsu netshelter_fw *
fujitsu netshelter_fw-p *
fujitsu netshelter_fw-m *
CVE-2006-2517 HIGH

SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fujitsu myweb_portal_office *
CVE-2006-3578 MEDIUM

Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fujitsu serverview *
fujitsu serverview 2.50
CVE-2006-3579 MEDIUM

Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
fujitsu serverview 4.10l11
fujitsu serverview 2.50
fujitsu serverview 4.10l81
fujitsu serverview 3.60l98
CVE-2010-1942 MEDIUM

Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fujitsu interstage_application_server 5.0
fujitsu interstage_application_server 7.0.1
fujitsu interstage_application_server 4.1
fujitsu interstage_application_server 6.0
fujitsu interstage_application_server 7.0
fujitsu interstage_application_server 4.0
fujitsu interstage_application_server 3.0
fujitsu interstage_application_server 5.0.1
CVE-2010-2149 MEDIUM

Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
fujitsu e-pares l03
fujitsu e-pares v01
fujitsu e-pares l30
fujitsu e-pares l01
fujitsu e-pares l10
fujitsu e-pares l20
CVE-2010-2150 MEDIUM

Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
fujitsu e-pares v01
fujitsu e-pares l01
CVE-2010-2151 LOW

Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-352,

Products Affected

Vendor Product Version
fujitsu e-pares l03
fujitsu e-pares v01
fujitsu e-pares l30
fujitsu e-pares l01
fujitsu e-pares l40
fujitsu e-pares l10
fujitsu e-pares l20
CVE-2013-2251 HIGH

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,CWE-74,

Products Affected

Vendor Product Version
fujitsu interstage_business_process_manager_analytics 12.0
apache archiva 1.2.2
apache struts *
fujitsu gp7000f_firmware -
apache archiva 1.2
oracle siebel_apps_-_e-billing 6.1.1
fujitsu gp5000_firmware -
oracle siebel_apps_-_e-billing 6.1
fujitsu interstage_business_process_manager_analytics 12.1
fujitsu primepower_firmware -
fujitsu gp-s_firmware -
fujitsu sparc_firmware -
fujitsu primergy_firmware -
oracle siebel_apps_-_e-billing 6.2
apache archiva *
CVE-2013-2566 MEDIUM

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
fujitsu sparc_enterprise_m5000_firmware *
oracle http_server 12.2.1.2.0
oracle http_server 12.2.1.1.0
fujitsu m10-1_firmware *
mozilla firefox *
oracle communications_application_session_controller *
oracle http_server 11.1.1.7.0
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.04
mozilla thunderbird_esr *
fujitsu sparc_enterprise_m8000_firmware *
fujitsu m10-4s_firmware *
canonical ubuntu_linux 13.10
mozilla seamonkey *
mozilla thunderbird *
oracle integrated_lights_out_manager_firmware *
fujitsu sparc_enterprise_m4000_firmware *
fujitsu sparc_enterprise_m3000_firmware *
canonical ubuntu_linux 12.04
fujitsu m10-4_firmware *
oracle http_server 11.1.1.9.0
oracle http_server 12.1.3.0.0
fujitsu sparc_enterprise_m9000_firmware *
CVE-2013-7105 HIGH

Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fujitsu interstage_application_server 9.3.1
fujitsu interstage_application_server 10.0.0
fujitsu interstage_application_server 9.2.0
fujitsu interstage_studio 9.0.0
fujitsu interstage_studio 9.1.0
fujitsu interstage_studio 9.2.0
fujitsu interstage_studio 10.0.0
fujitsu interstage_application_server 9.0.0
fujitsu interstage_application_server 9.1.0
CVE-2014-3898 MEDIUM

Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.30.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
fujitsu serverview_operations_manager 6.30.05
fujitsu serverview_operations_manager 5.00.09
CVE-2014-7252 MEDIUM

Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and "improper data validation."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sharp softbank_102sh -
fujitsu regza_phone_t-01d -
fujitsu arrows_x_lte_f-05d -
lg prada_phone_l-02d -
disney_interactive disney_mobile -
fujitsu arrows_tab_lte_f-01d *
CVE-2014-7253 HIGH

FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
fujitsu arrows_tab_lte_f-01d -
fujitsu arrows_kiss_f-03d -
fujitsu regza_phone_t-01d -
fujitsu f-12c -
CVE-2014-7254 MEDIUM

Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fujitsu arrows_me_f-11d -
CVE-2015-2808 MEDIUM

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
huawei te60_firmware -
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 6.6
huawei oceanstor_s6800t_firmware -
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_workstation 6.0
huawei oceanstor_18800f_firmware -
redhat enterprise_linux_server 5.0
suse linux_enterprise_debuginfo 11
huawei s5720ei_firmware -
suse linux_enterprise_software_development_kit 12
huawei s2750_firmware -
huawei s5700hi_firmware -
suse linux_enterprise_software_development_kit 11
huawei quidway_s9300_firmware -
huawei policy_center v100r003c00
huawei smc2.0 v100r002c04
oracle communications_application_session_controller *
huawei s7700_firmware -
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_eus 7.6
oracle integrated_lights_out_manager_firmware *
oracle communications_policy_management *
fujitsu sparc_enterprise_m4000_firmware *
suse linux_enterprise_desktop 12
huawei s12700_firmware -
fujitsu sparc_enterprise_m3000_firmware *
huawei smc2.0 v100r002c02
redhat enterprise_linux_server_aus 7.4
fujitsu sparc_enterprise_m9000_firmware *
opensuse opensuse 13.1
huawei s5700li_firmware -
redhat satellite 5.7
huawei s5700si_firmware -
canonical ubuntu_linux 14.04
suse linux_enterprise_desktop 11
redhat enterprise_linux_eus 7.7
huawei e6000_firmware -
huawei smc2.0 v100r002c01
oracle http_server 12.2.1.2.0
huawei oceanstor_s5800t_firmware -
redhat enterprise_linux_desktop 5.0
redhat satellite 5.6
suse linux_enterprise_server 10
ibm cognos_metrics_manager 10.1
huawei oceanstor_replicationdirector v100r003c00
huawei ultravr v100r003c00
redhat enterprise_linux_eus 7.2
huawei s5700s-li_firmware -
ibm cognos_metrics_manager 10.2
huawei s5710hi_firmware -
huawei s6700_firmware -
redhat enterprise_linux_server_tus 7.7
huawei s5710ei_firmware -
huawei oceanstor_18500_firmware -
huawei oceanstor_vis6600t_firmware -
ibm cognos_metrics_manager 10.1.1
redhat enterprise_linux_server_aus 7.6
huawei smc2.0 v100r002c03
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_server_aus 7.3
huawei s2700_firmware -
redhat enterprise_linux_server 6.0
oracle http_server 12.2.1.1.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 6.6
huawei policy_center v100r003c10
huawei 9700_firmware -
redhat enterprise_linux_eus 7.3
huawei oceanstor_s5500t_firmware -
opensuse opensuse 13.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.5
debian debian_linux 7.0
oracle http_server 11.1.1.7.0
huawei oceanstor_s2600t_firmware -
suse linux_enterprise_server 12
fujitsu sparc_enterprise_m8000_firmware *
huawei e9000_firmware -
huawei s3700_firmware -
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 12.04
debian debian_linux 8.0
oracle http_server 11.1.1.9.0
oracle http_server 12.1.3.0.0
huawei oceanstor_9000_firmware -
huawei s5720hi_firmware -
fujitsu sparc_enterprise_m5000_firmware *
huawei oceanstor_hvs85t_firmware -
huawei oceanstor_cse_firmware -
huawei oceanstor_18800_firmware -
ibm cognos_metrics_manager 10.2.1
ibm cognos_metrics_manager 10.2.2
suse linux_enterprise_server 11
redhat enterprise_linux_workstation 7.0
huawei oceanstor_s5600t_firmware -
suse manager 1.7
huawei s5700ei_firmware -
CVE-2016-8610 MEDIUM

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
fujitsu m10-1_firmware *
redhat enterprise_linux_server_tus 7.6
oracle adaptive_access_manager 11.1.2.3.0
oracle core_rdbms 12.1.0.2
redhat enterprise_linux_server_aus 7.6
oracle peoplesoft_enterprise_peopletools 8.57
netapp oncommand_workflow_automation -
redhat enterprise_linux_workstation 6.0
fujitsu m10-4s_firmware *
netapp cn1610_firmware -
netapp snapcenter_server -
fujitsu m12-1_firmware *
netapp service_processor -
netapp smi-s_provider -
openssl openssl 1.0.1
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server 6.0
openssl openssl 0.9.8
oracle weblogic_server 12.1.3.0.0
redhat enterprise_linux_server_eus 7.6
oracle communications_ip_service_activator 7.4.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_desktop 7.0
paloaltonetworks pan-os *
redhat enterprise_linux_desktop 6.0
oracle core_rdbms 18c
openssl openssl *
netapp clustered_data_ontap_antivirus_connector -
oracle application_testing_suite 13.3.0.1
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
netapp e-series_santricity_os_controller *
oracle enterprise_manager_ops_center 12.3.3
netapp clustered_data_ontap -
oracle communications_analytics 12.1.1
oracle core_rdbms 11.2.0.4
oracle core_rdbms 19c
redhat enterprise_linux_server_eus 7.3
netapp host_agent -
netapp snapdrive -
oracle communications_ip_service_activator 7.3.4
oracle retail_predictive_application_server 15.0.3
netapp oncommand_balance -
netapp storagegrid_webscale -
redhat jboss_enterprise_application_platform 6.0.0
oracle jd_edwards_enterpriseone_tools 9.2
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
oracle peoplesoft_enterprise_peopletools 8.56
oracle weblogic_server 10.3.6.0.0
oracle peoplesoft_enterprise_peopletools 8.58
oracle enterprise_manager_ops_center 12.4.0
openssl openssl 1.1.0
oracle core_rdbms 12.2.0.1
netapp storagegrid -
netapp data_ontap -
fujitsu m12-2s_firmware *
netapp ontap_select_deploy -
oracle timesten_in-memory_database *
netapp oncommand_unified_manager -
netapp data_ontap_edge -
redhat enterprise_linux_server_eus 7.5
oracle weblogic_server 12.2.1.4.0
oracle retail_predictive_application_server 16.0.3
redhat enterprise_linux_workstation 7.0
redhat jboss_enterprise_application_platform 6.4.0
fujitsu m10-4_firmware *
fujitsu m12-2_firmware *
oracle goldengate_application_adapters 12.3.2.1.0
oracle weblogic_server 12.2.1.3.0
CVE-2017-10855 HIGH

Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
fujitsu fence-explorer *
CVE-2017-3210 HIGH

Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,CWE-16,

Products Affected

Vendor Product Version
hp display_assistant 2.1
portrait portrait_display_sdk *
philips smart_control_premium 2.23
hp my_display 2.0
philips smart_control_premium 2.25
fujitsu displayview_click 6.01
fujitsu displayview_click_suite 5.0
fujitsu displayview_click 6.0
CVE-2018-1000007 MEDIUM

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 7.0
haxx curl *
debian debian_linux 9.0
fujitsu m10-1_firmware *
redhat enterprise_linux_server_eus 7.4
fujitsu m12-2s_firmware *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 16.04
fujitsu m10-4s_firmware *
fujitsu m12-1_firmware *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 12.04
fujitsu m10-4_firmware *
debian debian_linux 8.0
fujitsu m12-2_firmware *
redhat enterprise_linux_server_aus 7.4
CVE-2018-16156 HIGH

In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
fujitsu paperstream_ip_(twain) 1.42.0.5685
CVE-2018-20685 LOW

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
oracle solaris 10
debian debian_linux 9.0
fujitsu m10-1_firmware *
redhat enterprise_linux 7.0
siemens scalance_x204rna_eec_firmware *
netapp element_software -
netapp storage_automation_store -
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.6
canonical ubuntu_linux 16.04
fujitsu m10-4s_firmware *
fujitsu m12-1_firmware *
netapp cloud_backup -
debian debian_linux 8.0
redhat enterprise_linux_eus 8.1
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux 8.0
siemens scalance_x204rna_firmware *
redhat enterprise_linux_server_tus 8.6
fujitsu m12-2s_firmware *
netapp ontap_select_deploy -
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.6
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
openbsd openssh *
fujitsu m10-4_firmware *
redhat enterprise_linux_eus 8.4
fujitsu m12-2_firmware *
winscp winscp *
CVE-2018-3693 MEDIUM

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
intel xeon_gold 6134m
intel xeon_e5 2699a_v4
intel xeon e5530
intel xeon_e3_1285_v6 -
intel atom_x3 c3235rk
intel core_i5 4350u
intel core_i3 4150t
intel xeon_e7 8891_v4
redhat enterprise_linux_workstation 6.0
intel celeron_n n3060
intel xeon_e7 8850
intel xeon_e7 2830
intel core_i5 760
intel atom_z z3775d
intel celeron_n n2910
intel core_i3 6100te
intel xeon_e5 4650_v3
arm cortex-a 15
intel xeon_e5_2609_v2 -
intel atom_c c2508
intel core_i5 680
intel core_i3 5157u
intel xeon_e3_1240_v2 -
intel atom_z z2580
intel xeon lc5518
intel atom_e e3826
intel core_i3 530
intel core_i7 3610qm
intel xeon_e7 2890_v2
intel core_i7 720qm
intel core_i7 4980hq
intel core_i3 6102e
intel core_i7 975
intel xeon_e3_1125c -
intel core_i7 4770t
intel xeon_e5 4620_v3
intel core_i5 3317u
intel xeon_e5 2670
intel xeon_e3_1240l_v5 -
intel xeon_platinum 8153
intel atom_c c2750
intel celeron_n n4000
intel xeon_gold 6144
intel xeon_e3_1265l_v4 -
intel xeon_e7 8880l_v2
intel core_i5 3210m
intel core_i5 3570k
intel core_i5 2450m
intel xeon_e7 8880l_v3
intel core_i5 2500s
intel xeon x3480
intel xeon_e5_2648l -
intel xeon_e3_1275_v6 -
intel atom_z z2560
intel core_i7 960
intel core_i7 4722hq
intel core_i5 4570te
intel xeon_e3_1225_v2 -
intel xeon_e7 8870_v4
intel atom_c c2350
intel xeon_e5_1650 -
intel core_i7 4771
intel core_i3 2350m
intel core_i7 4720hq
intel core_i7 7y75
intel atom_z z3745d
intel xeon_e5 2650l_v4
intel xeon_e3_1276_v3 -
redhat enterprise_linux 7.0
intel core_i3 6300
intel core_i7 660um
intel core_i3 2100
intel core_i3 4005u
intel xeon e5507
intel celeron_j j1850
intel xeon_e5 2695_v3
intel xeon_e3_1230l_v3 -
intel xeon_e5_2650_v3 -
intel core_i5 4690t
intel xeon_e7 4809_v4
intel xeon_e7 8880_v2
intel core_i3 2130
intel core_i5 5675r
intel core_i3 4360t
intel xeon_phi 7210f
intel core_i5 480m
intel core_i7 4770te
intel xeon_e5_2430l_v2 -
intel core_i3 2115c
intel xeon_platinum 8180
intel celeron_j j3455
intel xeon_e3_1285l_v4 -
intel core_i7 4960hq
intel atom_z z3770
intel core_i7 8700
intel core_i3 3210
intel core_i3 5015u
intel xeon_e5_1428l -
intel xeon_e5 4667_v3
intel core_i7 680um
intel xeon_e5_2430 -
intel core_i5 4210y
intel core_i3 4112e
intel core_i3 4370t
intel xeon_e3_1285l_v3 -
intel atom_c c3808
intel xeon_e3_1220_v6 -
intel core_i5 655k
intel xeon_e5 2699_v3
intel atom_c c3308
intel core_m7 6y75
intel xeon_e7 8893_v2
intel atom_c c3858
intel core_i3 3250
intel core_i5 6400
intel xeon x5550
intel xeon_e3_1230_v2 -
intel xeon_e3_1220_v5 -
intel core_i5 3570t
intel xeon_e5_2637_v2 -
intel xeon_e7 4870
intel xeon_e7 4880_v2
intel core_i5 4302y
intel core_i5 5287u
intel core_i7 4770s
intel celeron_j j1800
intel xeon_e5_2630 -
intel core_i7 3537u
intel celeron_n n2815
intel atom_z z2460
intel xeon_e5 4667_v4
intel xeon_e3_1230_v6 -
intel atom_z z3480
intel core_i5 3330
intel xeon_e7 8890_v4
intel core_i5 560um
intel core_i7 980x
intel xeon_e3_1265l_v2 -
redhat enterprise_linux_eus 7.4
intel xeon_e3_1290 -
intel core_i5 580m
intel core_i7 4860hq
intel xeon e5504
intel xeon_e5_1428l_v2 -
intel xeon_bronze_3104 -
intel core_i5 4460s
intel xeon_e5 4648_v3
intel core_i5 8400
intel xeon_e5_2609_v4 -
intel xeon_e5_2608l_v3 -
intel xeon e6540
intel xeon_gold 6136
intel core_i3 3120m
intel xeon_e5_2623_v4 -
intel core_i3 4010y
intel xeon_gold 6146
intel xeon_e5 4610_v3
intel xeon_e5 4627_v2
intel core_i3 4350
intel celeron_n n3150
intel xeon_e3_1240 -
intel xeon_e5_2630_v3 -
redhat enterprise_linux_server_eus 7.6
intel xeon_gold 6130f
intel core_i5 4400e
intel xeon_platinum 8176f
intel xeon_e3_1268l_v5 -
intel core_i5 4360u
intel core_i7 620lm
intel core_i7 4550u
intel core_i7 2600k
intel xeon_e3_1286l_v3 -
intel core_i7 660lm
intel xeon e5603
intel core_i3 2100t
intel core_i5 6300hq
intel core_i7 2600s
intel core_i7 4710hq
intel xeon_e5 4610_v2
intel core_i3 4110e
intel core_i7 640um
intel xeon_e3 1558l_v5
intel xeon_e5 2697_v4
intel core_i3 4020y
intel xeon_silver 4112
intel core_i5 4220y
intel core_i7 2760qm
intel xeon_e5 2683_v3
intel xeon_e7 2860
intel core_i5 4410e
intel xeon_e5_2603_v2 -
intel core_i7 660ue
intel xeon_e5 4610
intel core_i7 7600u
intel xeon_gold 6138t
intel xeon e5620
intel core_i5 520um
arm cortex-a 8
intel core_i3 3217ue
intel xeon_e3_1240_v6 -
intel xeon_e5_1680_v3 -
intel core_i7 2860qm
intel atom_c c2550
intel xeon_e5_2618l_v3 -
intel core_i5 6500te
intel core_i7 4558u
intel xeon_e3 1535m_v6
intel xeon_e5 2690
intel xeon x7560
intel core_i3 350m
arm cortex-a 57
intel xeon_gold 6126t
intel core_i7 3632qm
intel xeon x7542
oracle communications_eagle_application_processor 16.1.0
intel xeon_e3_1270_v3 -
intel xeon x5667
intel core_i7 920
intel xeon_e7 4807
intel xeon_e5 2695_v4
intel core_i7 970
intel xeon_e5_2650_v4 -
intel xeon_silver 4116t
intel xeon_e5 2680_v4
intel xeon_e5 2687w_v2
intel xeon_silver 4114t
intel xeon_e7 2870_v2
intel xeon x5675
intel core_i3 4030u
intel core_i7 7560u
intel core_m5 6y57
intel core_i7 4950hq
intel xeon l5630
intel xeon_e5_2450l_v2 -
intel atom_z z3775
intel core_i5 6600t
intel atom_z z3735g
intel xeon_e3_1225_v6 -
arm cortex-a 17
intel xeon_e5 2667_v3
intel xeon_e5 4607
intel core_i5 661
intel atom_z z3530
intel atom_c c2530
intel xeon_e7 8880_v4
intel core_i5 4690
intel xeon_e5 2699r_v4
intel xeon_e3_12201_v2 -
intel core_i7 4770
intel core_i3 370m
intel xeon_e5 4660_v4
intel core_i7 3610qe
intel xeon x5670
intel core_i3 2310m
intel core_i5 4670k
intel core_i5 430m
intel xeon_e5_2628l_v2 -
intel xeon_e3_1260l -
intel atom_z z2760
intel xeon_e7 8860_v3
intel core_i5 4690s
intel core_i7 965
intel atom_c c2358
redhat enterprise_linux_workstation 7.0
intel atom_x3 c3130
intel core_i3 380um
intel pentium_n n4200
intel core_i5 2500k
intel core_i3 2367m
intel core_i7 8550u
intel xeon_e5_2407 -
intel xeon_e5_2650l_v3 -
intel xeon_e7 2803
intel xeon_e7 4830_v4
intel xeon_gold 6128
intel xeon_phi 7210
intel core_i3 6100u
intel atom_c c2718
intel xeon_e5 4650_v2
intel xeon l5618
intel core_i5 8600k
intel xeon x3430
intel core_i7 8700k
intel xeon_e3_12201 -
oracle communications_lsms *
intel core_i3 6157u
intel core_i7 7500u
intel xeon_gold 5120
intel xeon_gold 6140m
intel core_i3 3229y
intel core_i7 4770r
intel atom_c c2316
intel celeron_n n2807
intel core_i7 980
intel core_i7 4870hq
intel core_i5 3230m
intel core_m 5y70
intel core_i5 6500t
intel core_i5 6600k
intel core_i5 4670s
intel xeon_gold 6142f
intel xeon_e5 2698_v4
intel xeon_e5_2450l -
intel core_i5 750
intel celeron_n n3160
intel celeron_j j3355
intel xeon_e5 2658
intel xeon_e7 4860_v2
intel core_i3 2370m
intel xeon_e3 1535m_v5
intel xeon e5503
intel core_i7 950
intel core_i7 3615qe
intel xeon_e3_1275_v5 -
intel core_i3 4130t
intel core_i5 4300y
intel xeon l5609
intel core_i7 4600m
intel pentium_j j3710
intel xeon l5518
intel xeon_e3_1231_v3 -
intel core_i5 4258u
intel core_i7 640m
intel xeon_platinum 8176
intel core_i5 3337u
intel xeon_e5 4655_v4
intel xeon_e5 2658a_v3
intel pentium_j j2900
intel xeon_e3_1278l_v4 -
intel xeon_e5 4669_v3
intel core_i5 4308u
intel core_i7 4710mq
fujitsu m12-2_firmware *
intel xeon_e7 8894_v4
intel core_i3 2340ue
intel core_i3 2328m
intel xeon_e3_1275_v2 -
intel xeon_e5_2440_v2 -
intel xeon l5638
intel core_i5 2557m
intel core_i3 330e
intel core_i5 4300m
intel xeon x5687
intel core_i5 750s
intel atom_z z3740d
intel xeon_e5 4620
intel core_i3 4120u
intel atom_e e3825
redhat enterprise_linux_server 6.0
intel xeon_e5 4640_v2
intel core_i3 4100e
intel core_i7 5700hq
intel xeon w5590
intel core_i5 6402p
intel core_i7 2700k
intel atom_c c3758
intel core_i3 4010u
intel core_i3 3240t
intel xeon_e5_1620_v4 -
intel xeon_e5 2697a_v4
intel xeon_e5_2650 -
intel xeon_silver 4109t
intel xeon_e5 4650
intel core_i5 2500t
intel core_i7 3520m
intel xeon_e5_2418l_v3 -
intel core_i3 2330m
intel core_i5 2390t
intel xeon_gold 6154
intel xeon_e5 2667
intel core_m3 7y30
intel core_i7 2600
intel celeron_n n2840
intel xeon_e3_1245_v2 -
intel core_i7 930
intel xeon_e5 4607_v2
intel xeon lc5528
intel xeon_e3_1270_v6 -
intel xeon x3460
intel xeon_e5_2620_v3 -
intel celeron_n n2920
intel xeon_e5_1620_v2 -
intel core_i5 5300u
intel core_i5 3450
intel xeon_e7 8867_v3
intel core_i7 2920xm
intel core_i5 3550s
intel xeon_e5 2658_v4
intel core_i5 6442eq
intel xeon_e7 4820_v4
intel core_i5 540m
intel xeon_e3_1258l_v4 -
intel core_i5 450m
intel xeon x3470
intel atom_c c2538
intel xeon_e3_1268l_v3 -
intel xeon_e5_2418l -
intel core_i7 4810mq
intel xeon_e3_1220_v3 -
intel core_i5 540um
intel core_i3 3220
intel xeon_e3_1281_v3 -
intel core_i7 940xm
intel xeon_phi 7230f
intel core_i5 3470t
intel xeon_e7 4860
intel xeon_e7 4809_v3
intel xeon_silver 4114
intel xeon_e3_1505m_v5 -
intel core_i7 2630qm
intel core_i5 3360m
intel xeon_e5_2428l_v2 -
intel xeon_e7 8867l
intel xeon e5520
intel xeon_platinum 8160t
intel xeon_e7 8850_v2
intel core_i5 3427u
intel xeon_e7 4820_v2
intel core_i5 6360u
intel core_i5 2300
intel xeon_e3_1225_v5 -
intel core_i7 840qm
intel core_i5 4210m
intel core_i5 6287u
intel xeon_phi 7230
intel celeron_j j3060
intel core_i7 2637m
intel core_i7 2617m
intel xeon_platinum 8160f
intel celeron_n n4100
intel xeon_e5_2643_v3 -
intel core_m 5y51
intel core_i7 820qm
intel pentium_n n3710
intel xeon_e3_1280_v3 -
intel xeon e7530
intel core_i5 2405s
intel core_i7 870
intel xeon_e5_2430l -
intel xeon_e3_1235l_v5 -
intel xeon_platinum 8160m
intel xeon_e3_1280_v5 -
intel core_i5 4460t
intel core_i7 860s
intel xeon_e5_1650_v4 -
intel xeon_e5_1660_v2 -
intel xeon_e3_1240_v5 -
intel xeon_e3_1220_v2 -
intel xeon_e5_2428l_v3 -
intel core_i7 920xm
intel xeon_e5_2438l_v3 -
intel xeon_gold 5115
intel xeon_e3 1545m_v5
intel xeon_e3_1275_v3 -
intel xeon_e5_2440 -
intel core_i5 660
intel xeon_e5 2697_v2
intel atom_c c2738
intel xeon_e5_2420_v2 -
intel core_i7 5550u
intel xeon_e5_2428l -
intel xeon ec5509
intel core_i7 3555le
intel atom_e e3827
intel xeon_platinum 8170m
fujitsu m12-1_firmware *
arm cortex-r 7
intel core_i3 6100h
intel xeon_e5_2448l -
intel xeon_e7 2850_v2
intel xeon_e5_1680_v4 -
intel core_i3 3130m
intel xeon e5502
intel xeon_platinum 8170
intel core_i7 3540m
intel core_i3 5005u
intel xeon_e3_1125c_v2 -
intel core_i7 3615qm
intel atom_z z3745
intel core_i3 4158u
intel core_i7 5950hq
intel xeon_e5 2690_v4
intel xeon_e5 2660_v2
intel xeon_e5_2640_v4 -
intel xeon_e5 2698_v3
intel core_i3 4330
intel core_i7 4600u
intel core_i7 7567u
intel xeon_silver 4110
intel atom_z z3740
intel xeon_e5 4640_v3
intel core_i3 2310e
intel xeon_e5_2640_v2 -
intel core_i5 3439y
intel core_m5 6y54
intel core_i3 4130
intel core_i5 2435m
intel xeon_e5_2620_v4 -
intel atom_x3 c3230rk
intel atom_x3 c3200rk
intel atom_c c3850
intel xeon_e5_1630_v3 -
intel xeon_gold 6142
intel core_i7 4650u
intel core_i3 560
intel xeon_e5_2450 -
intel core_i3 8100
intel core_i7 4610y
intel core_i3 8350k
intel xeon_e5 4650l
intel core_i3 4340te
intel core_i5 3330s
intel xeon_e3 1565l_v5
intel xeon l3406
intel xeon_e3_1235 -
intel pentium_n n3700
intel xeon_e5_1650_v3 -
intel xeon_e3 1515m_v5
intel core_i5 4330m
intel xeon_e3_1230 -
intel core_i7 610e
intel core_i7 5850hq
intel xeon_gold 6132
intel core_i5 3570
intel core_i5 4310m
intel xeon_e5 2697_v3
intel core_i5 2400
intel core_i7 3770s
intel xeon x5672
arm cortex-a 9
intel core_i5 5350h
intel core_i7 2649m
intel core_i7 2720qm
intel xeon_e7 2850
intel xeon w3680
intel xeon_e3_1225 -
intel core_i5 6500
intel atom_c c2518
intel atom_z z3736f
intel core_i3 2348m
intel core_i7 4702mq
intel xeon_e7 8857_v2
intel core_i3 390m
intel core_i3 2375m
intel xeon_e5_2450_v2 -
intel core_i7 3689y
intel core_i7 4702ec
intel xeon_e5 4655_v3
intel xeon_platinum 8168
intel xeon_e3_1270_v2 -
intel xeon_e5 2660
intel core_i5 4402e
intel xeon_e5_2430_v2 -
intel core_i5 2515e
intel core_i5 520m
intel core_i5 3340s
intel core_i5 4440
intel atom_c c3750
intel core_i3 4360
intel core_i5 2430m
intel atom_z z3570
intel xeon_e5_2420 -
intel core_i7 940
intel xeon_e5_2637_v4 -
intel core_i5 3380m
intel core_i5 3437u
intel core_i3 4100m
intel core_i3 5020u
intel atom_c c3950
intel core_i7 4910mq
intel core_i7 2710qe
intel core_i5 6260u
intel core_i5 520e
intel celeron_n n3450
intel xeon_gold 5118
redhat enterprise_linux_server_tus 7.4
intel xeon_e5_2648l_v4 -
intel xeon_e7 8880_v3
intel core_i5 6267u
intel xeon_e3_1265l_v3 -
intel core_i3 3225
intel core_i3 4160
intel xeon_phi 7250
intel core_i3 4350t
intel core_i7 4760hq
intel xeon_e5_2650l -
oracle communications_eagle_application_processor 16.2.0
intel atom_c c2558
intel atom_c c2758
intel core_i7 5557u
intel xeon_e5 4669_v4
intel atom_z z3795
intel xeon_e3_1245 -
intel xeon_e5 2690_v3
intel core_i5 6400t
intel core_i7 7820eq
intel pentium_j j2850
intel core_i5 4288u
intel xeon e7540
intel xeon_e7 8893_v3
intel xeon_e5 4640
intel core_i7 4790t
intel xeon e5630
intel core_i5 4670t
intel core_i3 4160t
intel core_i7 5850eq
intel celeron_j j3160
intel core_i7 8650u
intel xeon_e5_2623_v3 -
intel xeon_e3 1585_v5
intel xeon_e5_2648l_v3 -
intel xeon_e7 8830
intel xeon_gold 6126
intel celeron_n n2810
intel xeon_gold 6152
intel xeon_e5_2618l_v2 -
intel core_i5 4670
intel xeon_e5_1620 -
intel xeon_e5_1620_v3 -
intel core_i7 3770t
intel xeon_e3_1241_v3 -
intel core_i7 5775r
intel xeon_e5_2630l_v3 -
intel atom_c c3955
intel core_i7 2820qm
intel core_i7 4900mq
intel core_i5 4440s
intel xeon ec5549
intel xeon_e7 2880_v2
intel xeon_e5_2403_v2 -
intel core_i7 3612qe
intel core_i7 3687u
intel xeon_e3_1270 -
intel xeon_e3_1230_v3 -
intel xeon_e3_1245_v5 -
intel xeon_e7 4830_v3
intel core_i3 6300t
intel core_i5 6585r
intel core_i5 4590
intel core_i5 4402ec
intel core_i7 4765t
intel atom_z z3735f
intel core_i5 4570t
intel core_i7 3740qm
intel xeon_e3_1280_v6 -
intel core_i3 4370
intel celeron_n n2820
intel core_i3 4025u
intel core_i7 4800mq
intel core_i7 7700t
intel xeon_e5_2650l_v2 -
intel core_i5 3470s
intel xeon e5607
intel core_i7 875k
intel xeon_e5_2637_v3 -
intel core_i3 4030y
intel xeon_e7 8870_v2
intel core_i5 560m
intel atom_z z3735d
intel xeon_phi 7250f
intel core_i5 4210h
intel xeon_e3_1245_v6 -
intel core_i3 550
intel core_i7 2675qm
intel core_i5 650
intel pentium_n n3540
intel core_i5 6300u
intel atom_c c3830
intel core_i5 2320
intel xeon_e5 2690_v2
intel xeon_e7 4830_v2
intel core_i5 5350u
intel core_i7 3770
intel core_i7 3635qm
intel xeon_e5 4624l_v2
intel core_i7 640lm
intel core_i5 4200m
intel xeon_e5 4617
intel core_i3 4170t
intel pentium_n n3530
intel core_i5 3550
intel xeon_e5 4650_v4
intel core_i3 2125
intel xeon_e5_2418l_v2 -
intel xeon_e5_2640 -
intel xeon_e5 4620_v4
intel core_i3 3115c
intel core_i3 5010u
redhat enterprise_linux_server_tus 7.6
intel core_i7 7700k
intel xeon_e7 4890_v2
intel xeon_silver 4108
intel core_i7 7820hq
intel atom_z z2520
intel atom_c c2730
intel xeon_e5_2403 -
intel core_i3 2120t
intel core_i7 7820hk
intel xeon_e3_1230_v5 -
intel xeon_e5_2637 -
intel core_i3 330um
intel core_i5 670
intel xeon_e3_1246_v3 -
intel core_i3 4330te
intel xeon_e3_1505l_v6 -
intel core_i5 4202y
intel core_i7 880
intel core_i7 4500u
intel xeon_e5 2667_v4
intel xeon x5647
intel core_i5 6350hq
intel xeon_e5 2670_v2
intel celeron_j j1900
intel atom_z z3736g
redhat enterprise_linux_desktop 6.0
intel core_i5 4590s
intel xeon_e7 8867_v4
intel atom_c c3538
intel xeon_e5 2670_v3
intel xeon l5640
intel xeon e5540
intel xeon_e3_1501m_v6 -
intel core_m 5y10
intel xeon_e7 2820
intel core_i3 4150
intel core_i7 3720qm
intel core_i7 2620m
intel xeon_e5_1660_v3 -
intel xeon x3450
intel core_m3 6y30
intel core_i3 3250t
intel core_i7 870s
intel core_m 5y10c
intel core_i5 3339y
intel core_i7 4700hq
intel xeon x5660
intel xeon_e5_2650_v2 -
intel xeon_e5_2643 -
intel xeon e5506
intel xeon ec5539
intel xeon_e5_2628l_v4 -
intel core_i3 6320
intel core_i5 4260u
intel pentium_n n3520
intel xeon_phi 7285
intel core_m 5y31
intel core_i7 620le
intel core_i5 3610me
intel celeron_n n3350
intel xeon_silver 4116
intel xeon e5606
intel core_i7 2677m
intel xeon_e3_1260l_v5 -
intel core_i3 2312m
intel atom_z z3770d
intel core_i7 4770hq
intel xeon_e3_1285_v4 -
intel celeron_n n2808
intel core_i3 6100t
intel xeon_gold 6140
intel xeon_gold 6138f
intel core_i7 3517ue
intel xeon_bronze_3106 -
intel xeon_e7 4870_v2
intel core_i7 4850hq
intel celeron_n n3010
arm cortex-a 75
intel xeon_e3_1275l_v3 -
intel xeon_e5_2640_v3 -
intel core_i7 2657m
intel atom_e e3815
intel core_i3 2105
intel core_i5 430um
intel core_i7 4578u
intel xeon_e7 4850
intel xeon_e7 4820_v3
intel xeon_e7 8860_v4
intel xeon_gold 6150
intel core_i7 3612qm
intel xeon l5530
intel xeon_e5_1630_v4 -
intel xeon_e5_2618l_v4 -
intel xeon_e5 2658_v2
intel xeon_e5_2603_v3 -
intel xeon_e5 2660_v4
intel xeon_e5 2667_v2
intel xeon_e7 8860
intel core_i5 4340m
intel xeon l7555
intel xeon_e3_1225_v3 -
intel xeon x6550
intel xeon_gold 6148f
intel xeon_e3_1501l_v6 -
arm cortex-a 72
intel core_i7 3667u
intel core_i7 5500u
intel xeon_e7 4850_v3
intel core_i7 3770k
intel xeon_e3_1280_v2 -
redhat enterprise_linux_server 7.0
intel core_i7 2640m
intel xeon_e5_2630l_v4 -
intel xeon_gold 6148
arm cortex-a 76
intel atom_e e3845
intel xeon_gold 6126f
intel xeon_e5_2470 -
intel celeron_n n2940
intel core_i3 6100e
intel core_i5 3320m
intel xeon_gold 5119t
intel core_i7 990x
intel core_i5 3340m
intel core_i7 740qm
arm cortex-a 73
intel celeron_n n3050
intel core_i5 5250u
intel core_m3 7y32
intel xeon_e5_2630_v2 -
intel xeon_e5_2408l_v3 -
intel core_i3 3245
intel core_i5 6200u
intel atom_z z3560
intel core_i5 8350u
intel xeon_e3 1575m_v5
intel xeon_e5_2448l_v2 -
intel xeon_e5_2470_v2 -
intel celeron_j j4105
intel core_i5 4200y
intel core_i7 4785t
intel xeon_e5 2699_v4
intel atom_c c3558
intel core_i5 4570s
intel atom_x3 c3205rk
intel core_i3 3240
intel atom_x3 c3405
intel core_i3 2365m
intel xeon_e3_1285_v3 -
intel xeon_e5 4627_v4
intel atom_x3 c3445
intel core_i5 4430s
intel xeon_e7 4850_v4
intel xeon x5680
intel xeon_e5_2620 -
intel atom_c c3708
intel xeon_e3_1271_v3 -
intel core_i5 4422e
redhat enterprise_linux_desktop 7.0
intel xeon_e5_1660 -
intel xeon_e7 8890_v3
intel xeon_e5 4610_v4
intel xeon_e7 8837
intel core_i3 4340
intel atom_c c2308
intel core_i5 2467m
intel xeon_e5 4627_v3
redhat enterprise_linux_server_aus 7.4
intel core_i5 2510e
intel core_i3 3220t
intel core_i5 2540m
intel xeon_e5_2630l_v2 -
intel xeon_e5_2603 -
intel core_i7 4770k
intel xeon_e3_1245_v3 -
intel xeon_gold 6142m
intel xeon_e7 2870
intel celeron_n n2806
intel core_i3 330m
intel xeon_e3_1105c_v2 -
intel xeon_e3 1578l_v5
intel xeon_e3_1226_v3 -
intel xeon_e3_1290_v2 -
intel xeon_e5_2407_v2 -
intel core_i3 4170
intel core_i5 4200h
intel celeron_j j1750
intel xeon_gold 6138
intel xeon_phi 7295
intel xeon_gold 5120t
intel xeon_platinum 8176m
intel xeon_e5 2680
intel xeon_phi 7290f
intel core_i5 4250u
intel xeon_e5 2687w
intel xeon_platinum 8164
intel core_i5 5257u
intel xeon_e5_2630l -
intel core_i5 3470
intel xeon x3440
intel xeon_e5_2630_v4 -
intel core_i5 3340
intel core_i5 470um
intel atom_c c2516
intel xeon_e5_1660_v4 -
intel core_i7 3840qm
intel core_i5 2537m
intel core_i7 4790k
intel xeon_e5 4660_v3
intel core_i7 2629m
intel core_i7 2960xm
intel core_i5 6685r
intel core_i5 4310u
intel xeon_gold 5122
intel core_m 5y71
intel xeon_e5_2620_v2 -
intel xeon_e5 4628l_v4
intel xeon_e5 4603
intel xeon_phi 7290
intel xeon e5640
intel xeon_e3_1240l_v3 -
intel xeon_phi 7235
intel core_i5 6440hq
intel core_i5 5200u
intel atom_z z3785
intel core_i5 2550k
intel xeon e6510
intel xeon_gold 6130t
intel core_i7 5750hq
intel xeon_e5_2643_v2 -
intel core_i5 2450p
intel core_i5 4670r
intel core_i3 3110m
intel core_i5 460m
intel core_i7 3820qm
intel xeon_e3_1286_v3 -
intel core_i3 4000m
intel atom_c c3508
intel xeon l5506
intel core_i5 2520m
intel xeon x7550
intel xeon_e3_1240_v3 -
intel xeon_e7 4830
intel core_i3 6006u
intel xeon_e5_2648l_v2 -
intel core_i5 2410m
intel core_i5 4430
intel xeon_e5_2609_v3 -
intel core_i3 6100
intel xeon_e7 8893_v4
intel core_i7 2715qe
intel core_i5 4200u
intel xeon l7545
intel xeon w3670
intel core_i7 4702hq
intel celeron_j j4005
intel core_i3 2377m
intel core_i7 2635qm
intel core_i7 5600u
intel atom_c c3338
intel xeon_e5 2665
intel atom_z z3580
intel atom_z z3460
intel core_i3 2357m
intel xeon_platinum 8160
intel core_i7 3630qm
arm cortex-a 12
intel core_i5 8250u
intel xeon_e5_2608l_v4 -
intel core_i7 4700mq
intel core_i3 380m
intel core_i7 4700eq
intel xeon_e7 4820
intel xeon_platinum 8156
intel atom_z z2480
intel xeon w5580
intel core_i7 4712hq
intel core_i5 2400s
intel xeon_gold 6130
intel xeon_e3_1275 -
intel core_i3 4012y
intel core_i7 4712mq
intel core_m 5y10a
intel xeon_e5 4620_v2
intel core_i5 4278u
intel core_i5 3350p
intel xeon_e7 8870_v3
intel core_i7 4790s
intel core_i5 4300u
intel xeon l5508
intel core_i5 4690k
intel core_i7 2670qm
intel core_i7 4750hq
intel core_i7 7700hq
intel celeron_n n2830
intel core_i7 5775c
intel xeon x5690
intel core_i5 4460
intel core_i7 5700eq
intel xeon_e7 8890_v2
intel core_i3 4100u
intel core_i5 4210u
intel xeon_platinum 8158
schneider-electric struxureware_data_center_expert 7.6.0
intel core_i7 7700
intel xeon_e3_1280 -
intel core_i5 3570s
intel core_i7 2655le
intel atom_e e3805
intel xeon_e5_1428l_v3 -
intel core_i5 4590t
intel core_i7 5650u
intel core_i7 4700ec
intel xeon l5520
intel xeon_e7 8891_v2
intel atom_c c2338
intel xeon_e3_1505l_v5 -
intel core_i3 2330e
intel xeon x5650
intel core_i3 540
intel xeon e5649
intel xeon_e5 2658_v3
intel core_i3 4110m
intel core_i3 3217u
intel xeon_e5_2609 -
intel xeon w3690
intel xeon_e5_2603_v4 -
intel atom_z z3735e
intel xeon_e5_2643_v4 -
intel core_i7 620um
intel core_i7 620ue
intel xeon_e5 2687w_v4
intel core_i7 620m
intel xeon_e7 4809_v2
intel xeon_e5 4657l_v2
intel core_i5 5575r
intel core_i7 4510u
intel core_i5 4570r
intel pentium_n n3510
intel xeon l3426
intel core_i3 6167u
intel atom_z z3590
redhat enterprise_linux_server_aus 7.6
intel xeon_e3_1270_v5 -
intel core_i3 6098p
intel atom_c c3958
intel core_i7 860
intel xeon_e5_2628l_v3 -
intel xeon_e5 2683_v4
intel xeon_e5_1650_v2 -
intel core_i5 3450s
intel xeon x5560
intel xeon x5677
intel xeon_e3 1585l_v5
intel core_i5 6600
intel xeon e5645
intel xeon_e7 8891_v3
intel core_i7 2610ue
intel atom_x3 c3295rk
intel core_i5 2310
intel core_i7 7920hq
intel celeron_n n3000
intel core_i3 4102e
intel xeon_e5 4603_v2
arm cortex-r 8
intel xeon_e5 2680_v2
intel xeon x5570
intel core_i3 3227u
intel core_i5 3475s
intel core_i5 5675c
intel core_i3 4330t
intel pentium_j j4205
intel core_i3 2120
intel core_i3 3120me
intel core_i5 4570
intel xeon_e-1105c -
intel core_i3 2102
intel core_i7 7660u
intel atom_z z2420
intel xeon e7520
intel xeon_gold 6134
intel core_i5 2500
intel celeron_n n2930
netapp solidfire_element_os_management_node -
intel celeron_n n2805
intel xeon_e5 4640_v4
fujitsu m12-2s_firmware *
intel xeon_e3_1220l_v3 -
intel core_i7 3517u
intel xeon_e7 4850_v2
redhat enterprise_linux_server_eus 7.5
intel core_i5 6440eq
intel xeon_e3 1505m_v6
intel xeon_e7 8870
intel core_i7 4790
intel core_i7 4610m
intel xeon_e5 2660_v3
intel xeon_e5 2695_v2
intel xeon_e5 2687w_v3
intel core_i5 2380p
intel xeon_e3_1220 -
intel atom_x3 c3265rk
intel xeon_e5 2680_v3
CVE-2019-12762 LOW

Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 0.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
samsung galaxy_s6_edge_firmware -
mi mi_5s_plus_firmware -
samsung galaxy_s4_firmware -
google nexus_9_firmware -
sharp aquos_zeta_sh-04f_firmware -
google nexus_7_firmware -
fujitsu arrows_nx_f05-f_firmware -
sony xperia_z4_firmware -
CVE-2019-13163 MEDIUM

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
fujitsu systemwalker_desktop_keeper 15.1.1e
fujitsu interstage_list_works 10.1.0
fujitsu triole_cloud_middle_set_b_set 1.0.0
fujitsu systemwalker_software_configuration_manager_express 15.5.0a
fujitsu systemwalker_desktop_patrol 15.1.1e
fujitsu systemwalker_it_change_manager_v14g 14.1.1
fujitsu primepower_firmware -
fujitsu serverview_resource_orchestrator 3.1.2
fujitsu interstage_application_server 9.3.1
fujitsu interstage_application_development_cycle_manager 10.3.2
fujitsu interstage_application_server 8.0.2
fujitsu systemwalker_desktop_keeper 15.1.3e
fujitsu interstage_application_development_cycle_manager 10.1
fujitsu primergy_rx4770_m5_firmware -
fujitsu interstage_application_server 12.1.0
fujitsu interstage_business_application_manager 1.0l21
fujitsu systemwalker_runbook_automation 15.1.3a
fujitsu systemwalker_desktop_keeper 15.1.2
fujitsu interstage_application_development_cycle_manager 10.0a
fujitsu systemwalker_operation_manager 13.8.0
fujitsu interstage_application_server 11.0.0
fujitsu gps_firmware -
fujitsu interstage_studio 11.1.0a
fujitsu interstage_application_server 9.0.1b
fujitsu interstage_application_server 11.2.0
fujitsu interstage_application_server 12.0.0
fujitsu systemwalker_runbook_automation 15.0.0a
fujitsu interstage_application_server 10.0.0
fujitsu celsius_firmware -
fujitsu systemwalker_desktop_keeper 15.1.2e
fujitsu systemwalker_operation_manager 13.4.1a
fujitsu systemwalker_security_control 1.0.0a
fujitsu interstage_application_server 12.2.0
fujitsu interstage_application_development_cycle_manager 10.2.0
fujitsu systemwalker_desktop_patrol 15.2.0e
fujitsu systemwalker_desktop_patrol 15.3.0
fujitsu systemwalker_operation_manager 13.7.0
fujitsu interstage_application_server 8.0.3
fujitsu interstage_list_works 10.3.1
fujitsu systemwalker_runbook_automation 15.1.2a
fujitsu interstage_application_development_cycle_manager 10.0
fujitsu interstage_application_development_cycle_manager 10.3.1a
fujitsu interstage_application_server 8.0.1
fujitsu systemwalker_desktop_patrol 15.1.0a
fujitsu systemwalker_operation_manager 13.4.0
fujitsu sparc_enterprise_m5000_firmware -
fujitsu interstage_application_development_cycle_manager 10.3.1
fujitsu systemwalker_it_change_manager_v14g 14.0.0a
fujitsu sparc_m12-2s_firmware -
fujitsu systemwalker_desktop_keeper 15.2.0e
fujitsu interstage_application_server 9.3.0
fujitsu systemwalker_operation_manager 13.7.0a
fujitsu interstage_studio 10.1.0
fujitsu systemwalker_desktop_patrol 15.0.1b
fujitsu systemwalker_software_configuration_manager 15.5.0a
fujitsu interstage_studio 9.1.0b
fujitsu interstage_studio 10.0.0
fujitsu serverview_resource_orchestrator 3.2.0
fujitsu interstage_studio 12.2.0
fujitsu primergy_tx2550_m5_firmware -
fujitsu systemwalker_operation_manager 16.0.1
fujitsu linkexpress 5.0l21
fujitsu sparc_m12-1_firmware -
fujitsu interstage_list_works 10.3.2
fujitsu systemwalker_operation_manager 13.6.1
fujitsu interstage_list_works 10.3.0c
fujitsu safeauthor 3.3
fujitsu systemwalker_desktop_patrol 15.2.0
fujitsu systemwalker_security_control 1.0.0b
fujitsu serverview_resource_orchestrator 3.1.0
fujitsu interstage_application_server 8.0.0
fujitsu triole_cloud_middle_set_b_set 1.1.1
fujitsu systemwalker_desktop_patrol 15.1.3
fujitsu systemwalker_operation_manager 13.8.0e
fujitsu systemwalker_software_configuration_manager 15.6.0
fujitsu interstage_list_works 10.0.0
fujitsu systemwalker_operation_manager 13.8.0a
fujitsu systemwalker_security_control 1.0.0
fujitsu interstage_application_development_cycle_manager 10.3.0
fujitsu sparc_enterprise_m3000_firmware -
fujitsu interstage_application_server 11.1.0
fujitsu interstage_application_server 9.1.0a
fujitsu systemwalker_desktop_keeper 15.0.1
fujitsu safeauthor 3.4
fujitsu systemwalker_desktop_keeper 15.1.0
fujitsu linkexpress 5.0l20
fujitsu interstage_studio 9.2.0
fujitsu systemwalker_operation_manager 13.9.1
fujitsu triole_cloud_middle_set_b_set 1.1.0
fujitsu systemwalker_desktop_keeper 15.1.3
fujitsu interstage_list_works 10.4.0
fujitsu interstage_application_server 9.2.0a
fujitsu interstage_information_integrator_agent 11.3.0
fujitsu systemwalker_operation_manager 13.4.1
fujitsu systemwalker_desktop_keeper 15.0.1b
fujitsu systemwalker_desktop_patrol 15.0.1a
fujitsu systemwalker_runbook_automation 15.1.2
fujitsu interstage_application_server 9.0.0
fujitsu primergy_rx2540_m5_firmware -
fujitsu sparc_m12-2_firmware -
fujitsu systemwalker_it_change_manager_v14g 14.0.0
fujitsu systemwalker_software_configuration_manager_express 15.5.0
fujitsu interstage_web_server_express 11.1.0
fujitsu systemwalker_desktop_keeper 15.0.0b
fujitsu primequest_firmware -
fujitsu systemwalker_desktop_keeper 15.1.1
fujitsu systemwalker_operation_manager 13.4.0b
fujitsu interstage_business_application_manager 2.0.0
fujitsu safeauthor 3.6l10
fujitsu interstage_list_works 10.3.0b
fujitsu interstage_studio 12.0.0
fujitsu interstage_list_works 10.3.0a
fujitsu systemwalker_runbook_automation_v14g 14.1.0
fujitsu interstage_information_integrator 11.3.0
fujitsu interstage_application_server 9.0.1
fujitsu interstage_application_server 9.1.0
fujitsu sparc_enterprise_m8000_firmware -
fujitsu safeauthor 3.1
fujitsu safeauthor 3.0
fujitsu interstage_application_server 9.1.0b
fujitsu interstage_studio 12.1.0
fujitsu interstage_application_development_cycle_manager 10.1.1
fujitsu systemwalker_it_change_manager_v14g 14.1.0
fujitsu interstage_studio 9.1.0
fujitsu interstage_application_development_cycle_manager 10.3
fujitsu systemwalker_runbook_automation 15.1.1
fujitsu serverview_resource_orchestrator 3.0.0
fujitsu serverview_resource_orchestrator 3.1.1
fujitsu systemwalker_desktop_patrol 15.3.0a
fujitsu systemwalker_runbook_automation 15.1.0
fujitsu interstage_business_application_manager 2.0.1
fujitsu interstage_studio 11.0.0
fujitsu systemwalker_operation_manager 16.0.0
fujitsu interstage_list_works 9.0.1
fujitsu systemwalker_desktop_patrol 15.1.0
fujitsu systemwalker_software_configuration_manager 15.5.0
fujitsu gp7000f_firmware -
fujitsu primergy_rx2530_m5_firmware -
fujitsu interstage_business_application_manager 1.1
fujitsu sparc_enterprise_m4000_firmware -
fujitsu systemwalker_desktop_keeper 15.0.1a
fujitsu systemwalker_operation_manager 13.9.0
fujitsu serverview_resource_orchestrator 3.3.0
fujitsu interstage_application_server 9.2.0
fujitsu systemwalker_runbook_automation 15.1.3
fujitsu interstage_application_server 11.1.1
fujitsu systemwalker_desktop_patrol 15.0.1
fujitsu systemwalker_operation_manager 16.0.0a
fujitsu interstage_business_application_manager 1.0l20
fujitsu interstage_web_server_express 11.0.0
fujitsu serverview_resource_orchestrator 3.4.0
fujitsu systemwalker_software_configuration_manager_express 15.6.0
fujitsu interstage_list_works 10.3.0
fujitsu interstage_job_workload_server 8.1.1
fujitsu systemwalker_desktop_keeper 15.1.0e
fujitsu systemwalker_desktop_keeper 15.3.0
fujitsu systemwalker_runbook_automation_v14g 14.1.0a
fujitsu granpower_5000_firmware -
fujitsu triole_cloud_middle_set_b_set 1.1.2
fujitsu systemwalker_desktop_patrol 15.1.1
fujitsu interstage_web_server_express 11.1.1
fujitsu interstage_application_server 9.0.0b
fujitsu interstage_business_application_manager 1.0l10
fujitsu interstage_studio 11.1.0
fujitsu systemwalker_desktop_patrol 15.1.0e
fujitsu triole_cloud_middle_set_b_set 1.2.0
fujitsu systemwalker_operation_manager 13.6.0
fujitsu interstage_list_works 10.2.0
fujitsu systemwalker_runbook_automation 15.0.0
fujitsu interstage_application_server 10.1.0
fujitsu systemwalker_desktop_patrol 15.1.3e
fujitsu sparc_enterprise_m9000_firmware -
fujitsu interstage_application_development_cycle_manager 10.2
fujitsu linkexpress v5.0l20
fujitsu systemwalker_desktop_keeper 15.2.0
fujitsu interstage_list_works 9.0.1a
fujitsu systemwalker_desktop_patrol 15.0.0a
fujitsu interstage_list_works 10.3.2a
CVE-2019-18199 MEDIUM

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
fujitsu lx390_firmware -
CVE-2019-18200 HIGH

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fujitsu lx390_firmware -
CVE-2019-18201 MEDIUM

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
fujitsu lx390_firmware -
CVE-2019-6109 MEDIUM

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-116,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fujitsu m10-1_firmware *
siemens scalance_x204rna_eec_firmware *
netapp element_software -
netapp storage_automation_store -
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.6
canonical ubuntu_linux 16.04
fujitsu m10-4s_firmware *
fujitsu m12-1_firmware *
debian debian_linux 8.0
redhat enterprise_linux_eus 8.1
redhat enterprise_linux 8.0
siemens scalance_x204rna_firmware *
redhat enterprise_linux_server_tus 8.6
fujitsu m12-2s_firmware *
netapp ontap_select_deploy -
fedoraproject fedora 30
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.6
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
openbsd openssh *
fujitsu m10-4_firmware *
redhat enterprise_linux_eus 8.4
fujitsu m12-2_firmware *
winscp winscp *
CVE-2019-6111 MEDIUM

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fujitsu m10-1_firmware *
redhat enterprise_linux 7.0
siemens scalance_x204rna_eec_firmware *
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_eus 8.2
freebsd freebsd *
redhat enterprise_linux_eus 8.6
canonical ubuntu_linux 16.04
freebsd freebsd 12.0
fujitsu m10-4s_firmware *
fujitsu m12-1_firmware *
debian debian_linux 8.0
redhat enterprise_linux_eus 8.1
redhat enterprise_linux 8.0
siemens scalance_x204rna_firmware *
redhat enterprise_linux_server_tus 8.6
fujitsu m12-2s_firmware *
fedoraproject fedora 30
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.6
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
openbsd openssh *
fujitsu m10-4_firmware *
redhat enterprise_linux_eus 8.4
fujitsu m12-2_firmware *
winscp winscp *
apache mina_sshd 2.2.0
CVE-2019-9835 MEDIUM

The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fujitsu lx901_firmware -
fujitsu gk900_firmware -
CVE-2020-13817 MEDIUM

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
netapp h410c_firmware -
netapp hci_compute_node_firmware -
netapp h700s_firmware -
netapp h300e_firmware -
fujitsu m10-1_firmware *
netapp clustered_data_ontap -
netapp element_software -
opensuse leap 15.1
netapp h500s_firmware -
fujitsu m10-4s_firmware *
fujitsu m12-1_firmware *
netapp cloud_backup -
ntp ntp *
netapp h410s_firmware -
netapp steelstore_cloud_integrated_storage -
opensuse leap 15.2
netapp ontap_tools -
netapp h500e_firmware -
ntp ntp 4.2.8
netapp data_ontap -
fujitsu m12-2s_firmware *
netapp h300s_firmware -
netapp hci_management_node -
netapp h700e_firmware -
fujitsu m10-4_firmware *
netapp solidfire -
fujitsu m12-2_firmware *
CVE-2020-17457 LOW

Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
fujitsu serverview_remote_management *
CVE-2020-1968 MEDIUM

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
oracle ethernet_switch_es2-64_firmware 2.0.0.14
oracle ethernet_switch_es2-72_firmware 2.0.0.14
debian debian_linux 9.0
oracle peoplesoft_enterprise_peopletools 8.58
fujitsu m10-1_firmware *
fujitsu m12-2s_firmware *
oracle ethernet_switch_es1-24_firmware 1.3.1
oracle peoplesoft_enterprise_peopletools 8.57
oracle ethernet_switch_tor-72_firmware 1.2.2
canonical ubuntu_linux 16.04
fujitsu m10-4s_firmware *
canonical ubuntu_linux 18.04
fujitsu m12-1_firmware *
openssl openssl *
oracle jd_edwards_world_security a9.4
fujitsu m10-4_firmware *
fujitsu m12-2_firmware *
oracle peoplesoft_enterprise_peopletools 8.56
CVE-2020-29127 HIGH

An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
fujitsu eternus_storage_dx200_s4_firmware *
CVE-2020-8177 MEDIUM

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-99,CWE-74,

Products Affected

Vendor Product Version
fujitsu m10-4s_firmware *
haxx curl *
fujitsu m10-1_firmware *
fujitsu m12-1_firmware *
siemens sinec_infrastructure_network_services *
debian debian_linux 10.0
fujitsu m12-2s_firmware *
splunk universal_forwarder *
splunk universal_forwarder 9.1.0
fujitsu m10-4_firmware *
fujitsu m12-2_firmware *
CVE-2020-8284 MEDIUM

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apple mac_os_x 10.14.6
fujitsu m10-1_firmware *
netapp clustered_data_ontap -
apple macos 11.2
netapp hci_storage_node -
apple macos 11.1
fedoraproject fedora 32
netapp hci_bootstrap_os -
fujitsu m10-4s_firmware *
fujitsu m12-1_firmware *
apple mac_os_x *
siemens sinec_infrastructure_network_services *
haxx curl *
oracle peoplesoft_enterprise_peopletools 8.58
debian debian_linux 10.0
fujitsu m12-2s_firmware *
oracle communications_cloud_native_core_policy 1.14.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
netapp hci_management_node -
splunk universal_forwarder *
splunk universal_forwarder 9.1.0
fujitsu m10-4_firmware *
apple mac_os_x 10.15.7
netapp solidfire -
fujitsu m12-2_firmware *
apple macos 11.0.1
fedoraproject fedora 33
oracle essbase 21.2
CVE-2020-8285 MEDIUM

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,CWE-674,CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
apple mac_os_x 10.14.6
fujitsu m10-1_firmware *
netapp clustered_data_ontap -
fedoraproject fedora 32
netapp hci_bootstrap_os -
fujitsu m10-4s_firmware *
fujitsu m12-1_firmware *
apple mac_os_x *
siemens sinec_infrastructure_network_services *
netapp hci_storage_node_firmware -
apple macos *
oracle peoplesoft_enterprise_peopletools 8.58
debian debian_linux 10.0
fujitsu m12-2s_firmware *
oracle communications_cloud_native_core_policy 1.14.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
netapp hci_management_node -
splunk universal_forwarder *
splunk universal_forwarder 9.1.0
fujitsu m10-4_firmware *
apple mac_os_x 10.15.7
haxx libcurl *
netapp solidfire -
fujitsu m12-2_firmware *
fedoraproject fedora 33
oracle essbase 21.2
CVE-2021-20722 MEDIUM

Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
fujitsu scansnap_manager *
CVE-2021-23840 MEDIUM

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
tenable nessus_network_monitor 5.11.0
oracle graalvm 20.3.1.2
oracle enterprise_manager_for_storage_management 13.4.0.0
fujitsu m10-1_firmware *
tenable nessus_network_monitor 5.13.0
tenable nessus_network_monitor 5.12.1
oracle graalvm 19.3.5
tenable log_correlation_engine *
oracle jd_edwards_enterpriseone_tools *
oracle communications_cloud_native_core_policy 1.15.0
fujitsu m10-4s_firmware *
mcafee epolicy_orchestrator 5.10.0
fujitsu m12-1_firmware *
oracle business_intelligence 5.5.0.0.0
oracle business_intelligence 12.2.1.3.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle mysql_server *
oracle business_intelligence 5.9.0.0.0
nodejs node.js 14.15.0
oracle graalvm 21.0.0.2
debian debian_linux 10.0
fujitsu m12-2s_firmware *
mcafee epolicy_orchestrator *
oracle nosql_database *
tenable nessus_network_monitor 5.12.0
nodejs node.js *
openssl openssl *
oracle jd_edwards_world_security a9.4
fujitsu m10-4_firmware *
fujitsu m12-2_firmware *
oracle business_intelligence 12.2.1.4.0
tenable nessus_network_monitor 5.11.1
CVE-2021-3326 MEDIUM

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,CWE-617,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
fujitsu m10-4s_firmware *
fujitsu m10-1_firmware *
fujitsu m12-1_firmware *
gnu glibc *
oracle communications_cloud_native_core_security_edge_protection_proxy 1.5.0
debian debian_linux 10.0
fujitsu m12-2s_firmware *
fujitsu m10-4_firmware *
fujitsu m12-2_firmware *
netapp e-series_santricity_os_controller *
CVE-2022-27089 HIGH

In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,

Products Affected

Vendor Product Version
fujitsu plugfree_network *
CVE-2022-28806 HIGH

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fujitsu lifebook_e449_firmware *
fujitsu lifebook_e5510_firmware *
fujitsu lifebook_u9310_firmware *
fujitsu lifebook_u7311_firmware *
fujitsu lifebook_u7511_firmware *
fujitsu lifebook_u7310_firmware *
fujitsu lifebook_a3510_firmware *
fujitsu lifebook_u7410_firmware *
fujitsu lifebook_u9311_firmware *
fujitsu lifebook_u7510_firmware *
fujitsu lifebook_e459_firmware *
fujitsu lifebook_u7411_firmware *
CVE-2022-29516 HIGH

The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
fujitsu ipcom_ex2_lb_1100_firmware *
fujitsu ipcom_ex2_sc_1100_firmware *
fujitsu ipcom_ex_nw_2300_firmware *
fujitsu ipcom_ve2_ls_220_firmware *
fujitsu ipcom_ve2_ls_plus_220_firmware *
fujitsu ipcom_ve2_sc_200_firmware *
fujitsu ipcom_ve2_sc_plus_220_firmware *
fujitsu ipcom_ex2_sc_3200_firmware *
fujitsu ipcom_ex_nw_2500_firmware *
fujitsu ipcom_ve2_sc_100_firmware *
fujitsu ipcom_ex_nw_1100_firmware *
fujitsu ipcom_ve2_ls_plus2_220_firmware *
fujitsu ipcom_ex2_lb_3200_firmware *
fujitsu ipcom_ex2_in_3500_firmware *
fujitsu ipcom_ex_in_2700_firmware *
fujitsu ipcom_ve2_ls_200_firmware *
fujitsu ipcom_ex_lb_1300_firmware *
fujitsu ipcom_ve2_ls_100_firmware *
fujitsu ipcom_ex2_lb_3500_firmware *
fujitsu ipcom_ex2_in_1100_firmware *
fujitsu ipcom_ex_nw_2700_firmware *
fujitsu ipcom_ve2_sc_220_firmware *
fujitsu ipcom_ex_lb_2700_firmware *
fujitsu ipcom_ex2_dc_3200_firmware *
fujitsu ipcom_ex_nw_1300_firmware *
fujitsu ipcom_ex_sc_2500_firmware *
fujitsu ipcom_ex2_nw_3200_firmware *
fujitsu ipcom_ex_lb_1100_firmware *
fujitsu ipcom_ex_sc_2300_firmware *
fujitsu ipcom_ex2_sc_3500_firmware *
fujitsu ipcom_ex_lb_2500_firmware *
fujitsu ipcom_ex2_dc_3500_firmware *
fujitsu ipcom_ve2_ls_plus_100_firmware *
fujitsu ipcom_ex2_nw_1100_firmware *
fujitsu ipcom_ve2_sc_plus_100_firmware *
fujitsu ipcom_ex_in_2500_firmware *
fujitsu ipcom_ex_sc_1100_firmware *
fujitsu ipcom_ex2_in_3200_firmware *
fujitsu ipcom_ex_in_2300_firmware *
fujitsu ipcom_ex_sc_1300_firmware *
fujitsu ipcom_ve2_ls_plus_200_firmware *
fujitsu ipcom_ve2_ls_plus2_200_firmware *
fujitsu ipcom_ex_lb_2300_firmware *
fujitsu ipcom_ve2_sc_plus_200_firmware *
fujitsu ipcom_ex_sc_2700_firmware *
fujitsu ipcom_ex2_nw_3500_firmware *
CVE-2022-31794 HIGH

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
fujitsu eternus_cs8000_firmware *
fujitsu eternus_cs8000_firmware 8.1
CVE-2022-31795 HIGH

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
fujitsu eternus_cs8000_firmware *
fujitsu eternus_cs8000_firmware 8.1
CVE-2023-22377

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
fujitsu tsclinical_metadata_desktop_tools *
fujitsu tsclinical_define.xml_generator *
CVE-2023-38433

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

Products Affected

Vendor Product Version
fujitsu ip-he950e_firmware *
fujitsu ip-he900d_firmware *
fujitsu ip-920e_firmware *
fujitsu ip-900iid_firmware *
fujitsu ip-90_firmware *
fujitsu ip-he900e_firmware *
fujitsu ip-900e_firmware *
fujitsu ip-9610_firmware *
fujitsu ip-920d_firmware *
fujitsu ip-he950d_firmware *
fujitsu ip-900d_firmware *
CVE-2023-38555

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.

Products Affected

Vendor Product Version
fujitsu si-r_g100b_firmware *
fujitsu si-r_g121_firmware *
fujitsu si-r_g210_firmware *
fujitsu si-r_g100_firmware *
fujitsu si-r370b_firmware *
fujitsu si-r570b_firmware *
fujitsu si-r_g200b_firmware *
fujitsu si-r_30b_firmware *
fujitsu sr-m_50ap1_firmware *
fujitsu si-r_g110b_firmware *
fujitsu si-r_130b_firmware *
fujitsu si-r_g200_firmware *
fujitsu si-r_g211_firmware *
fujitsu si-r_g120_firmware *
fujitsu si-r_90brin_firmware *
fujitsu si-r220d_firmware *
CVE-2023-39379

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.

Products Affected

Vendor Product Version
fujitsu software_infrastructure_manager 2.8.0.060
CVE-2023-39903

An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.9 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N 1.5 4.0

Products Affected

Vendor Product Version
fujitsu software_infrastructure_manager *
CVE-2023-40238

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
fujitsu lifebook_e5412_firmware *
fujitsu lifebook_e4511_firmware *
fujitsu esprimo_p9012_firmware *
fujitsu celsius_r970bpower_firmware *
fujitsu celsius_w580power_firmware *
fujitsu esprimo_k5010/24_firmware *
fujitsu celsius_r970_firmware *
fujitsu primequest_3800e_firmware *
fujitsu esprimo_p7013_firmware *
fujitsu primergy_tx2550_m5_firmware *
fujitsu primergy_rx2450_m1_firmware *
fujitsu celsius_w580_firmware *
fujitsu esprimo_g9010_firmware *
fujitsu lifebook_u9311_firmware *
fujitsu esprimo_d958_firmware *
fujitsu lifebook_e5512_firmware *
fujitsu primergy_rx4770_m6_firmware *
fujitsu lifebook_e5412/mtc_firmware *
fujitsu lifebook_u5313x_firmware *
fujitsu primergy_tx1330_m4_firmware *
fujitsu lifebook_e746_vpro_firmware -
fujitsu lifebook_u7312_firmware *
fujitsu lifebook_u9313x_firmware *
fujitsu lifebook_u759_firmware *
fujitsu esprimo_p7010_firmware *
fujitsu esprimo_p6012_firmware *
insyde insydeh2o *
fujitsu lifebook_u7311_firmware *
fujitsu primergy_bx2580_m2_firmware *
fujitsu lifebook_e5411_firmware *
fujitsu primergy_rx4770_m7_firmware *
fujitsu celsius_w5012-ll_firmware *
fujitsu esprimo_p9013_firmware *
fujitsu lifebook_u7413_firmware *
fujitsu primergy_tx1330_m5_firmware *
fujitsu lifebook_e5410_firmware *
fujitsu lifebook_u7410_firmware *
fujitsu primergy_cx2570_m4_firmware *
fujitsu lifebook_u9312_firmware *
fujitsu lifebook_e746_firmware -
fujitsu esprimo_g9012_firmware *
fujitsu primergy_tx1320_m3_firmware *
fujitsu primergy_rx4770_m5_firmware *
fujitsu lifebook_e736_firmware -
fujitsu esprimo_d9010_firmware *
fujitsu esprimo_d9011_firmware *
fujitsu celsius_w5012_firmware *
fujitsu primergy_rx1330_m4_firmware *
fujitsu lifebook_u7511_firmware *
fujitsu lifebook_u9312x_firmware *
fujitsu celsius_h980_firmware -
fujitsu primergy_cx2550_m5_firmware *
fujitsu primergy_rx1330_m5_firmware *
fujitsu primergy_cx2560_m5_firmware *
fujitsu lifebook_u729x_firmware *
fujitsu primergy_tx2550_m4_firmware *
fujitsu esprimo_d9013_firmware *
fujitsu esprimo_p558/power_firmware *
fujitsu lifebook_u939x_firmware *
fujitsu lifebook_e5413_firmware *
fujitsu primergy_rx2540_m5_firmware *
fujitsu esprimo_d7010/8_firmware *
fujitsu stylistic_q7310_firmware *
fujitsu primergy_gx2560_m7_firmware *
fujitsu lifebook_u749_firmware *
fujitsu lifebook_e549_firmware *
fujitsu esprimo_d556/2_firmware *
fujitsu celsius_m7010xpower_firmware *
fujitsu esprimo_d757_firmware *
fujitsu lifebook_u939_firmware *
fujitsu celsius_w5011_firmware *
fujitsu celsius_h780_firmware *
fujitsu primergy_rx2450_m2_firmware *
fujitsu celsius_m7010power_firmware *
fujitsu esprimo_p9011_firmware *
fujitsu primergy_tx1320_m5_firmware *
fujitsu primergy_rx2520_m4_firmware *
fujitsu primergy_tx1320_m4_firmware *
fujitsu celsius_j550/2_firmware *
fujitsu lifebook_u7310_firmware *
fujitsu lifebook_a3510_firmware *
fujitsu celsius_m7010_firmware *
fujitsu primergy_tx1330_m3_firmware *
fujitsu esprimo_k558/24_firmware *
fujitsu primergy_rx1330_m3_firmware *
fujitsu celsius_j5010_firmware *
fujitsu lifebook_e5511_firmware *
fujitsu esprimo_q957_firmware *
fujitsu primergy_rx4770_m4_firmware *
fujitsu esprimo_g5010_firmware *
fujitsu stylistic_q5010_firmware *
fujitsu celsius_h5511_firmware *
fujitsu esprimo_p758_firmware *
fujitsu esprimo_d957/e9x+_firmware *
fujitsu primergy_cx2570_m5_firmware *
fujitsu esprimo_q558_firmware *
fujitsu lifebook_e5510_firmware *
fujitsu primergy_rx4770_m3_firmware *
fujitsu esprimo_d6012_firmware *
fujitsu primergy_rx2530_m7_firmware *
fujitsu lifebook_u7613_firmware *
fujitsu esprimo_p7011_firmware *
fujitsu esprimo_q556/2/d_firmware *
fujitsu stylistic_q7312_firmware *
fujitsu esprimo_d7013_firmware *
fujitsu esprimo_g6012_firmware *
fujitsu celsius_r970b_firmware *
fujitsu lifebook_a3511_firmware -
fujitsu esprimo_k557/24_firmware *
fujitsu primergy_gx2460_m1_firmware *
fujitsu esprimo_p5010_firmware *
fujitsu lifebook_u7313_firmware *
fujitsu primergy_cx2560_m6_firmware *
fujitsu esprimo_p958/power_firmware *
fujitsu primergy_rx2530_m4_firmware *
fujitsu primergy_rx2530_m6_firmware *
fujitsu primergy_rx2540_m6_firmware *
fujitsu esprimo_p557_firmware *
fujitsu celsius_m7010x_firmware *
fujitsu lifebook_u7411_firmware *
fujitsu primergy_tx2550_m7_firmware *
fujitsu esprimo_p5011_firmware *
fujitsu esprimo_p9010_firmware *
fujitsu esprimo_q556/2_firmware *
fujitsu esprimo_d9012_firmware *
fujitsu esprimo_q7010_firmware *
fujitsu stylistic_q509_firmware *
fujitsu celsius_j580_firmware *
fujitsu lifebook_e5513_firmware *
fujitsu lifebook_u9310x_firmware *
fujitsu esprimo_q957/mre_firmware *
fujitsu primergy_rx1440_m2_firmware *
fujitsu lifebook_e736_vpro_firmware -
fujitsu esprimo_d957_firmware *
fujitsu celsius_w5010/l_firmware *
fujitsu esprimo_g558_firmware *
fujitsu lifebook_u9413_firmware *
fujitsu lifebook_u729_firmware *
fujitsu lifebook_u7510_firmware *
fujitsu primequest_3800e2_firmware *
fujitsu esprimo_p958_firmware *
fujitsu celsius_c780_firmware *
fujitsu celsius_w570power+_firmware *
fujitsu celsius_h7613_firmware *
fujitsu primergy_rx8770_m7_firmware *
fujitsu esprimo_p957_firmware *
fujitsu esprimo_g9013_firmware *
fujitsu stylistic_q739_firmware *
fujitsu primergy_rx2540_m4_firmware *
fujitsu lifebook_e559_firmware *
fujitsu celsius_w570power_firmware *
fujitsu primergy_cx2560_m4_firmware *
fujitsu primergy_cx2550_m6_firmware *
fujitsu primergy_tx1310_m5_firmware *
fujitsu lifebook_u7512_firmware *
fujitsu esprimo_d7010_firmware *
fujitsu esprimo_d738_firmware *
fujitsu celsius_w570_firmware *
fujitsu primergy_tx1310_m3_firmware *
fujitsu primergy_cx2550_m7_firmware *
fujitsu primergy_rx2520_m5_firmware *
fujitsu celsius_w580power+_firmware *
fujitsu stylistic_q7311_firmware *
fujitsu esprimo_d7012_firmware *
fujitsu esprimo_q958_firmware *
fujitsu esprimo_p7012_firmware *
fujitsu esprimo_q958/mre_firmware *
fujitsu lifebook_u9310_firmware *
fujitsu primergy_cx2550_m4_firmware *
fujitsu esprimo_d7011_firmware *
fujitsu primergy_bx2560_m2_firmware *
fujitsu primergy_gx2570_m6_firmware *
fujitsu primequest_3800b_firmware *
fujitsu primergy_cx2560_m7_firmware *
fujitsu primequest_3800b2_firmware *
fujitsu esprimo_p757_firmware *
fujitsu primergy_rx2540_m7_firmware *
fujitsu celsius_w5010_firmware *
fujitsu celsius_h7510_firmware *
fujitsu esprimo_p9910_firmware *
fujitsu lifebook_u7412_firmware *
fujitsu esprimo_d6011_firmware *
fujitsu esprimo_g5011_firmware *
fujitsu primequest_4400e_firmware *
fujitsu lifebook_e4411_firmware *
fujitsu primergy_rx2530_m5_firmware *
fujitsu lifebook_t939_firmware *
CVE-2023-4092

SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@incibe.es 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
fujitsu arconte_aurea 1.5.0.0
CVE-2023-4093

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
cve-coordination@incibe.es 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 2.1 3.4

Products Affected

Vendor Product Version
fujitsu arconte_aurea 1.5.0.0
CVE-2023-4094

ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2
cve-coordination@incibe.es 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

Products Affected

Vendor Product Version
fujitsu arconte_aurea 1.5.0.0
CVE-2023-4095

User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@incibe.es 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
fujitsu arconte_aurea 1.5.0.0
CVE-2023-4096

Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@incibe.es 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 3.9 4.7
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N 3.9 4.2

Products Affected

Vendor Product Version
fujitsu arconte_aurea 1.5.0.0
CVE-2024-40617

Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked.

Products Affected

Vendor Product Version
fujitsu network_edgiot_gw1500_firmware *