VYPR

Vendor CVEs

Fujitsu

All CVEs

77 total · sorted by risk
  • CVE-2013-2251CriKEVJul 20, 2013
    risk 0.80cvss 9.8epss 1.00

    Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

  • CVE-2025-62577HigOct 20, 2025
    risk 0.57cvss 8.8epss 0.00

    ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.

  • CVE-2024-33620HigJun 18, 2024
    risk 0.56cvss 8.6epss 0.01

    Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker.

  • CVE-2025-65001HigNov 12, 2025
    risk 0.53cvss 8.2epss 0.00

    Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability.

  • CVE-2016-8610HigNov 13, 2017
    risk 0.52cvss 7.5epss 0.40

    A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive…

  • CVE-2026-20893HigJan 7, 2026
    risk 0.51cvss 7.8epss 0.00

    Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with…

  • CVE-2020-8177HigDec 14, 2020
    risk 0.51cvss 7.8epss 0.01

    curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

  • CVE-2017-3210HigJul 24, 2018
    risk 0.51cvss 7.8epss 0.01

    Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These…

  • CVE-2017-10855HigSep 15, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2025-65002HigNov 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters.

  • CVE-2013-2566MedMar 15, 2013
    risk 0.48cvss 5.9epss 0.84

    The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

  • CVE-2024-12782HigDec 19, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads…

  • CVE-2024-33622MedJun 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote…

  • CVE-2021-23840HigFeb 16, 2021
    risk 0.42cvss 7.5epss 0.51

    Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will…

  • CVE-2020-8285HigDec 14, 2020
    risk 0.42cvss 7.5epss 0.10

    curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

  • CVE-2024-34024MedJun 18, 2024
    risk 0.41cvss 6.3epss 0.00

    Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not.

  • CVE-2025-68919MedDec 24, 2025
    risk 0.36cvss 5.6epss 0.00

    Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality,…

  • CVE-2024-36454MedJun 12, 2024
    risk 0.34cvss 5.3epss 0.00

    Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet.

  • CVE-2015-2808LowApr 1, 2015
    risk 0.30cvss 3.7epss 0.74

    The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing…

  • CVE-2020-8284LowDec 14, 2020
    risk 0.24cvss 3.7epss 0.04

    A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port…

  • CVE-2020-1968LowSep 9, 2020
    risk 0.24cvss 3.7epss 0.05

    The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop…

  • CVE-2023-38433Jul 26, 2023
    risk 0.04cvss epss 0.03

    Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E…

  • CVE-2008-3776Aug 25, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2007-3011Jul 5, 2007
    risk 0.03cvss epss 0.04

    The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.

  • CVE-1999-0672Aug 1, 1999
    risk 0.03cvss epss 0.02

    Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.

  • CVE-2024-40617Jul 17, 2024
    risk 0.01cvss epss 0.01

    Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be…

  • CVE-2023-4096Sep 19, 2023
    risk 0.00cvss epss 0.00

    Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user.

  • CVE-2023-4095Sep 19, 2023
    risk 0.00cvss epss 0.00

    User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.

  • CVE-2023-4094Sep 19, 2023
    risk 0.00cvss epss 0.00

    ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the…

  • CVE-2023-4093Sep 19, 2023
    risk 0.00cvss epss 0.00

    Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious…

  • CVE-2023-4092Sep 19, 2023
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases,…

  • CVE-2023-39903Aug 7, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization…

  • CVE-2023-39379Aug 4, 2023
    risk 0.00cvss epss 0.00

    Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows:…

  • CVE-2023-38555Jul 26, 2023
    risk 0.00cvss epss 0.00

    Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B…

  • CVE-2022-31795Jun 20, 2022
    risk 0.00cvss epss 0.03

    An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and…

  • CVE-2022-31794Jun 20, 2022
    risk 0.00cvss epss 0.03

    An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such…

  • CVE-2022-29516May 18, 2022
    risk 0.00cvss epss 0.02

    The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM…

  • CVE-2022-28806May 4, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410),…

  • CVE-2022-27089Apr 11, 2022
    risk 0.00cvss epss 0.00

    In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.

  • CVE-2021-20722May 24, 2021
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the…

  • CVE-2020-17457Mar 17, 2021
    risk 0.00cvss epss 0.01

    Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages.

  • CVE-2020-29127Nov 30, 2020
    risk 0.00cvss epss 0.04

    An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang…

  • CVE-2019-13163Feb 7, 2020
    risk 0.00cvss epss 0.01

    The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage…

  • CVE-2019-18201Oct 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords.

  • CVE-2019-18200Oct 24, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks.

  • CVE-2019-18199Oct 24, 2019
    risk 0.00cvss epss 0.00

    An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.

  • CVE-2019-9835Mar 15, 2019
    risk 0.00cvss epss 0.01

    The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.

  • CVE-2014-7254Dec 5, 2014
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors.

  • CVE-2014-7253Dec 5, 2014
    risk 0.00cvss epss 0.00

    FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors.

  • CVE-2014-7252Dec 5, 2014
    risk 0.00cvss epss 0.00

    Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets…

Page 1 of 2