Vulnerabilities > Dell > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-11053 Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Idrac Service Module
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable.
network
low complexity
dell CWE-732
6.5
6.5
2018-03-26 CVE-2018-1204 Path Traversal vulnerability in Dell EMC Isilon Onefs
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool.
local
low complexity
dell CWE-22
6.7
6.7
2018-03-26 CVE-2018-1203 Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Isilon Onefs
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges.
local
low complexity
dell CWE-732
6.7
6.7
2018-03-26 CVE-2018-1202 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8
2018-03-26 CVE-2018-1201 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8
2018-03-26 CVE-2018-1189 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8
2018-03-26 CVE-2018-1188 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8
2018-03-26 CVE-2018-1187 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8
2018-03-26 CVE-2018-1186 Cross-site Scripting vulnerability in Dell EMC Isilon
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface.
network
low complexity
dell CWE-79
4.8
4.8
2018-03-16 CVE-2017-14384 Path Traversal vulnerability in Dell Storage Manager
In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability.
network
low complexity
dell CWE-22
6.5
6.5