NecCVEs & Vulnerabilities

117 CVEs affecting Nec products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

expresscluster x 79expresscluster x singleserversafe 76aterm w300p firmware 18aterm w300p 18aterm wg1200hp firmware 17aterm wg1200hp 17aterm wf300hp 16aterm wg1400hp 16
CVE-2010-1941HIGH

Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or restart) via unknown vectors related to Client Service for DPM and crafted packets to port 56010.

19 May 2010
7.8
CVSS
CVE-2008-0378MEDIUM

Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.

22 Jan 2008
6.8
CVSS
CVE-2007-5557HIGH

Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

18 Oct 2007
7.8
CVSS
CVE-2006-6946HIGH

The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.

23 Jan 2007
7.5
CVSS
CVE-2006-6947HIGH

The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.

23 Jan 2007
7.8
CVSS
CVE-2005-4465HIGH

The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

22 Dec 2005
7.5
CVSS
CVE-2002-2368CRITICAL

Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.

31 Dec 2002
10.0
CVSS
CVE-2002-0666MEDIUM

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.

4 Nov 2002
5.0
CVSS
CVE-2000-1183HIGH

Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.

9 Jan 2001
7.2
CVSS
CVE-1999-1435HIGH

Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables.

10 Jul 1998
7.2
CVSS
CVE-1999-0010MEDIUM

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

8 Apr 1998
5.0
CVSS
CVE-1999-0011MEDIUM

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

8 Apr 1998
5.4
CVSS
CVE-1999-0009CRITICALpoc

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

8 Apr 1998
10.0
CVSS
CVE-1999-0024MEDIUM

DNS cache poisoning via BIND, by predictable query IDs.

13 Aug 1997
5.0
CVSS
CVE-1999-0040HIGHpoc

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

1 May 1997
7.2
CVSS
CVE-1999-0868HIGH

ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.

20 Feb 1997
7.2
CVSS
CVE-1999-0048CRITICAL

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.

27 Jan 1997
10.0
CVSS
CVE-1999-0043CRITICAL

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

4 Dec 1996
9.8
CVSS
CVE-1999-0138HIGH

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

26 Jun 1996
7.2
CVSS
CVE-1999-0078LOW

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

18 Apr 1996
1.9
CVSS
CVE-1999-0208CRITICALpoc

rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.

12 Dec 1995
10.0
CVSS
← PrevPage 3 / 3Next →