Filtered by vendor Dell
Subscribe
Total
1046 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1213 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application. | |||||
| CVE-2018-1212 | 1 Dell | 2 Idrac6 Modular, Idrac6 Monolithic | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system. | |||||
| CVE-2018-1211 | 1 Dell | 2 Emc Idrac7, Emc Idrac8 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings. | |||||
| CVE-2018-1207 | 1 Dell | 2 Emc Idrac7, Emc Idrac8 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. | |||||
| CVE-2018-1205 | 1 Dell | 1 Emc Scaleio | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. | |||||
| CVE-2018-1204 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges. | |||||
| CVE-2018-1203 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges. | |||||
| CVE-2018-1202 | 1 Dell | 1 Emc Isilon | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1201 | 1 Dell | 1 Emc Isilon | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1189 | 1 Dell | 1 Emc Isilon | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1188 | 1 Dell | 1 Emc Isilon | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1187 | 1 Dell | 1 Emc Isilon | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1186 | 1 Dell | 1 Emc Isilon | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1185 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges. | |||||
| CVE-2018-1184 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges. | |||||
| CVE-2018-1183 | 1 Dell | 16 Emc Smis, Emc Solutions Enabler Virtual Appliance, Emc Unisphere and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service. | |||||
| CVE-2018-15784 | 1 Dell | 1 Networking Os10 | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | |||||
| CVE-2018-15781 | 1 Dell | 1 Wyse Thinlinux | 2024-11-21 | 7.9 HIGH | 7.9 HIGH |
| The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text. | |||||
| CVE-2018-15778 | 1 Dell | 1 Networking Os10 | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). | |||||
| CVE-2018-15776 | 1 Dell | 2 Idrac7 Firmware, Idrac8 Firmware | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. | |||||