Schneider-electric Struxureware_data_center_expert
48 CVEs affecting Schneider-electric Struxureware_data_center_expert. Latest disclosed: 2023-07-12. Critical: 2, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-22795 | Critical | 9.1 | 2022-04-13 | A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution… |
| CVE-2021-22794 | Critical | 9.1 | 2022-04-13 | A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected P… |
| CVE-2023-37197 | High | 8.8 | 2023-07-12 | A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user al… |
| CVE-2023-37196 | High | 8.8 | 2023-07-12 | A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user alre… |
| CVE-2023-25548 | High | 8.8 | 2023-04-18 | A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured whe… |
| CVE-2023-25547 | High | 8.8 | 2023-04-18 | A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low pri… |
| CVE-2018-7807 | High | 8.8 | 2018-11-30 | Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file… |
| CVE-2018-2814 | High | 8.3 | 2018-04-19 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u… |
| CVE-2018-2633 | High | 8.3 | 2018-01-18 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u1… |
| CVE-2023-25552 | High | 8.1 | 2023-04-18 | A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauth… |
| CVE-2023-25554 | High | 7.8 | 2023-04-18 | A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege es… |
| CVE-2018-1124 | High | 7.8 | 2018-05-23 | procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escal… |
| CVE-2018-2811 | High | 7.7 | 2018-04-19 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to… |
| CVE-2018-2794 | High | 7.7 | 2018-04-19 | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u1… |
| CVE-2018-2637 | High | 7.4 | 2018-01-18 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u17… |
| CVE-2023-25550 | High | 7.2 | 2023-04-18 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” paramete… |
| CVE-2023-25549 | High | 7.2 | 2023-04-18 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of… |
| CVE-2023-37199 | Medium | 6.8 | 2023-07-12 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tamp… |
| CVE-2023-37198 | Medium | 6.8 | 2023-07-12 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE… |
| CVE-2018-2634 | Medium | 6.8 | 2018-01-18 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152… |