Vulnerabilities > Dell > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-27 | CVE-2018-1238 | OS Command Injection vulnerability in Dell EMC Scaleio Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). | 7.5 |
| 2018-03-27 | CVE-2018-1205 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell EMC Scaleio Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. | 7.5 |
| 2018-03-26 | CVE-2018-1213 | Cross-Site Request Forgery (CSRF) vulnerability in Dell EMC Isilon Onefs Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. | 8.8 |
| 2018-03-23 | CVE-2018-1211 | Path Traversal vulnerability in Dell EMC Idrac7 and EMC Idrac8 Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. | 7.5 |
| 2018-03-19 | CVE-2018-1218 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell EMC Networker In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. | 7.5 |
| 2018-03-08 | CVE-2018-1215 | Unrestricted Upload of File with Dangerous Type vulnerability in Dell products An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). | 8.8 |
| 2018-02-12 | CVE-2018-1214 | Use of Hard-coded Credentials vulnerability in Dell EMC Supportassist Enterprise 1.1 Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. | 7.0 |
| 2017-11-28 | CVE-2017-8001 | Information Exposure Through Log Files vulnerability in Dell EMC Scaleio An issue was discovered in EMC ScaleIO 2.0.1.x. | 8.4 |
| 2017-09-22 | CVE-2017-8012 | Unspecified vulnerability in Dell products In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. | 7.4 |
| 2017-09-22 | CVE-2017-8007 | Path Traversal vulnerability in Dell products In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. | 8.8 |