Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fujitsu Subscribe
Total 64 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-6109 9 Canonical, Debian, Fedoraproject and 6 more 28 Ubuntu Linux, Debian Linux, Fedora and 25 more 2023-02-23 4.0 MEDIUM 6.8 MEDIUM
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
CVE-2018-20685 9 Canonical, Debian, Fujitsu and 6 more 30 Ubuntu Linux, Debian Linux, M10-1 and 27 more 2023-02-23 2.6 LOW 5.3 MEDIUM
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2023-22377 1 Fujitsu 2 Tsclinical Define.xml Generator, Tsclinical Metadata Desktop Tools 2023-02-23 N/A 7.4 HIGH
Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.
CVE-2020-1968 5 Canonical, Debian, Fujitsu and 2 more 25 Ubuntu Linux, Debian Linux, M10-1 and 22 more 2022-11-21 4.3 MEDIUM 3.7 LOW
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
CVE-2021-3326 5 Debian, Fujitsu, Gnu and 2 more 17 Debian Linux, M10-1, M10-1 Firmware and 14 more 2022-11-04 5.0 MEDIUM 7.5 HIGH
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE-2019-12762 6 Fujitsu, Google, Mi and 3 more 16 Arrows Nx F05-f, Arrows Nx F05-f Firmware, Nexus 7 and 13 more 2022-09-22 1.9 LOW 4.2 MEDIUM
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
CVE-2021-23840 7 Debian, Fujitsu, Mcafee and 4 more 27 Debian Linux, M10-1, M10-1 Firmware and 24 more 2022-08-29 5.0 MEDIUM 7.5 HIGH
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVE-2022-31795 1 Fujitsu 2 Eternus Cs8000, Eternus Cs8000 Firmware 2022-06-27 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.
CVE-2022-31794 1 Fujitsu 2 Eternus Cs8000, Eternus Cs8000 Firmware 2022-06-27 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.
CVE-2020-8177 4 Debian, Fujitsu, Haxx and 1 more 15 Debian Linux, M10-1, M10-1 Firmware and 12 more 2022-06-17 4.6 MEDIUM 7.8 HIGH
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
CVE-2018-1000007 5 Canonical, Debian, Fujitsu and 2 more 20 Ubuntu Linux, Debian Linux, M10-1 and 17 more 2022-06-13 5.0 MEDIUM 9.8 CRITICAL
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
CVE-2022-29516 1 Fujitsu 92 Ipcom Ex2 Dc 3200, Ipcom Ex2 Dc 3200 Firmware, Ipcom Ex2 Dc 3500 and 89 more 2022-06-01 10.0 HIGH 9.8 CRITICAL
The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.
CVE-2022-28806 1 Fujitsu 24 Lifebook A3510, Lifebook A3510 Firmware, Lifebook E449 and 21 more 2022-05-18 7.2 HIGH 7.8 HIGH
An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM.
CVE-2020-8285 8 Apple, Debian, Fedoraproject and 5 more 29 Mac Os X, Macos, Debian Linux and 26 more 2022-05-13 5.0 MEDIUM 7.5 HIGH
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8284 8 Apple, Debian, Fedoraproject and 5 more 28 Mac Os X, Macos, Debian Linux and 25 more 2022-05-13 4.3 MEDIUM 3.7 LOW
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
CVE-2021-20722 1 Fujitsu 1 Scansnap Manager 2022-05-03 4.4 MEDIUM 7.8 HIGH
Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.
CVE-2018-3693 7 Arm, Fujitsu, Intel and 4 more 228 Cortex-a, Cortex-r, M12-1 and 225 more 2022-04-18 4.7 MEDIUM 5.6 MEDIUM
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
CVE-2022-27089 1 Fujitsu 1 Plugfree Network 2022-04-14 7.2 HIGH 7.8 HIGH
In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.
CVE-2020-13817 4 Fujitsu, Netapp, Ntp and 1 more 40 M10-1, M10-1 Firmware, M10-4 and 37 more 2022-03-29 5.8 MEDIUM 7.4 HIGH
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
CVE-2019-18199 1 Fujitsu 2 Lx390, Lx390 Firmware 2021-07-21 6.9 MEDIUM 6.6 MEDIUM
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.