CVE-2021-36327
https://notcve.org/view.php?id=CVE-2021-36327
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. • https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-36326
https://notcve.org/view.php?id=CVE-2021-36326
Dell EMC Streaming Data Platform versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. • https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVE-2021-36335
https://notcve.org/view.php?id=CVE-2021-36335
Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low-privileged attacker may potentially exploit this vulnerability, leading to execution of arbitrary files on the server. • https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app • CWE-20: Improper Input Validation •
CVE-2021-36334
https://notcve.org/view.php?id=CVE-2021-36334
Dell EMC CloudLink 7.1 and all prior versions contain a CSV Formula Injection Vulnerability. A remote high-privileged attacker may potentially exploit this vulnerability, leading to arbitrary code execution on the end user machine. • https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2021-36333
https://notcve.org/view.php?id=CVE-2021-36333
Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low-privileged attacker may potentially exploit this vulnerability, leading to an application crash. • https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •