Vulnerabilities > Dell > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-31 CVE-2018-11055 Improper Resource Shutdown or Release vulnerability in multiple products
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability.
local
low complexity
dell oracle CWE-404
5.5
5.5
2018-07-02 CVE-2018-1249 Unspecified vulnerability in Dell Idrac9 Firmware
Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs.
network
high complexity
dell
5.9
5.9
2018-06-26 CVE-2018-11053 Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Idrac Service Module
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable.
network
low complexity
dell CWE-732
6.5
6.5
2018-03-26 CVE-2018-1204 Path Traversal vulnerability in Dell EMC Isilon Onefs
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool.
local
low complexity
dell CWE-22
6.7
6.7
2018-03-26 CVE-2018-1203 Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Isilon Onefs
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges.
local
low complexity
dell CWE-732
6.7
6.7
2018-03-26 CVE-2018-1202 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8
2018-03-26 CVE-2018-1201 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8
2018-03-26 CVE-2018-1189 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8
2018-03-26 CVE-2018-1188 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8
2018-03-26 CVE-2018-1187 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8