CVE Daily
← All tags

Tag: DaoCloud Enterprise

All CVEs associated with "DaoCloud Enterprise". Page 1/1 • 44 CVEs.

About “DaoCloud Enterprise”

A curated feed of “DaoCloud Enterprise”-related CVEs appears below. We currently track 44 CVEs for this tag (all time). In the last 365 days, 4 were published. Average CVSS is 6.9 (all time; 6.1 over 365d), and 52% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-415 - Double Free, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Container and Kubernetes fixes usually require image rebuilds and control plane or node upgrades. Prioritize exposed surfaces, restart workloads on patched bases, and tighten RBAC and NetworkPolicies. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: dce

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestExtended SupportEOLLTS
5.05.0-20260131
4.02022.12.15.4.0.11 Expired
3.02021.12.30.3.0.8 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “DaoCloud Enterprise”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-01-07
Medium

CVE-2026-20027

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensit…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2026-20026

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak s…

CVSS: 5.8 CWE: CWE-415 - Double Free View on NVD
2025-09-05
Medium

CVE-2025-39707

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities HUBBUB structure is not initialized on DCE hardware, so che…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-07-25
High

CVE-2025-38361

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it [WHAT] hws was checked for null earlier in dce110_blank_stream, indicat…

CVSS: 7.8 CWE: N/A View on NVD
2025-01-11
Medium

CVE-2024-53680

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Cl…

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
2023-11-06
Medium

CVE-2023-42669

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be bloc…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-07-12
Medium

CVE-2023-37199

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2023-37198

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2023-37197

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauth…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2023-37196

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauth…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2023-04-18
Medium

CVE-2023-25553

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver.…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-25552

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device…

CVSS: 8.1 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-25551

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP.…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-25549

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint.…

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2023-25548

A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user…

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2023-01-30
High

CVE-2022-32520

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is uniqu…

CVSS: 8.0 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2022-32519

A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Pro…

CVSS: 8.0 CWE: CWE-257 - Storing Passwords in a Recoverable Format View on NVD
High

CVE-2022-32518

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is uniqu…

CVSS: 8.0 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2022-03-02
High

CVE-2021-3738

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sa…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2021-04-28
Medium

CVE-2021-31777

The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.

CVSS: 4.9 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2020-02-11
High

CVE-2019-13946

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could le…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2020-02-03
Medium

CVE-2014-8328

The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the updat…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2019-12-11
High

CVE-2019-19707

On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.

CVSS: 7.5 CWE: N/A View on NVD
2018-11-28
Medium

CVE-2018-16852

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or t…

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2016-04-25
Medium

CVE-2015-5370

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a…

CVSS: 5.9 CWE: N/A View on NVD
2015-07-14
High

CVE-2015-2370

The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, W…

CVSS: 7.2 CWE: CWE-264 View on NVD
2013-12-10
High

CVE-2013-4408

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote…

CVSS: 8.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2012-04-05
Critical

CVE-2012-0131

Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 10.0 CWE: N/A View on NVD
2008-12-11
High

CVE-2008-4418

Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.

CVSS: 7.8 CWE: N/A View on NVD
2007-12-20
Critical

CVE-2007-6507

SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote…

CVSS: 10.0 CWE: CWE-264 View on NVD
2007-12-15
Critical

CVE-2007-6195

Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arb…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-02-20
Critical

CVE-2006-5276

Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted…

CVSS: 10.0 CWE: N/A View on NVD
2005-11-17
High

CVE-2005-3644

PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consum…

CVSS: 7.8 CWE: CWE-399 View on NVD
2004-08-06
Critical

CVE-2004-0716

Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amoun…

CVSS: 10.0 CWE: N/A View on NVD
2003-10-20
Medium

CVE-2003-0746

Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs,…

CVSS: 5.0 CWE: N/A View on NVD
2003-07-24
Medium

CVE-2003-0428

Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.

CVSS: 5.0 CWE: N/A View on NVD
2002-10-04
Low

CVE-2002-0992

Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data.

CVSS: 2.1 CWE: N/A View on NVD
Medium

CVE-2002-1041

Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.

CVSS: 5.0 CWE: N/A View on NVD
2002-02-13
Low

CVE-2001-1079

create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of se…

CVSS: 3.6 CWE: N/A View on NVD
2000-06-05
Medium

CVE-2000-0544

Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.

CVSS: 5.0 CWE: N/A View on NVD
1999-02-24
High

CVE-1999-1247

Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.

CVSS: 7.2 CWE: N/A View on NVD
1997-10-24
Medium

CVE-1999-1131

Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.

CVSS: 5.0 CWE: N/A View on NVD
1996-09-17
Medium

CVE-1999-1295

Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to ga…

CVSS: 4.6 CWE: N/A View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox