
CVSS: 6.5 | EPSS: 1% | CPEs: 1 | EXPL: 1

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.
• https://www.exploit-db.com/exploits/45852 http://www.securityfocus.com/bid/105914 https://www.dell.com/support/article/us/en/04/sln314610/dell-openmanage-network-manager-security-vulnerabilities
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.
• http://www.securityfocus.com/bid/105764 https://seclists.org/fulldisclosure/2018/Oct/53
• CWE-798: Use of Hard-coded Credentials

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.
• http://www.securityfocus.com/bid/105694 http://www.securitytracker.com/id/1041877 https://seclists.org/fulldisclosure/2018/Oct/35
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

On install, Dell Encryption versions prior to 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior to 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows users to bypass any existing policy for password length and potentially create an insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified.
• https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en
• CWE-521: Weak Password Requirements

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.
• https://www.dell.com/support/article/us/en/04/sln313559/dell-digital-delivery-dll-injection-vulnerability?lang=en
• CWE-427: Uncontrolled Search Path Element