CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5328
https://notcve.org/view.php?id=CVE-2020-5328
06 Mar 2020 — Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. Dell EMC Isilon OneFS versiones anteriores a 8.2.0, contienen una vulnerabilidad de acceso no autorizado debido a una falta de comprobaciones de autorización exhaustivas cuando SyncIQ es licenciada, pero las sincronizaciones cifradas no son... • https://www.dell.com/support/security/en-us/details/541423/DSA-2020-039-Dell-EMC-Isilon-OneFS-Security-Update-for-a-SyncIQ-Vulnerability • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5318
https://notcve.org/view.php?id=CVE-2020-5318
06 Feb 2020 — Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication. Dell EMC Isilon OneFS versiones 8.1.2, 8.1.0.4, 8.1.0.3 y 8.0.0.7, presenta una vulnerabilidad en a... • https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 4.8EPSS: 5%CPEs: 5EXPL: 3CVE-2018-1189 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1189
14 Feb 2018 — Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. Dell EMC Isilon en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la ... • https://packetstorm.news/files/id/146404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 2%CPEs: 5EXPL: 3CVE-2018-1186 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1186
14 Feb 2018 — Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. Dell EMC Isilon en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la... • https://packetstorm.news/files/id/146404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 2%CPEs: 3EXPL: 3CVE-2018-1187 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1187
14 Feb 2018 — Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. Dell EMC Isilon en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.0.6 contiene una vulnera... • https://packetstorm.news/files/id/146404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 2%CPEs: 4EXPL: 3CVE-2018-1188 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1188
14 Feb 2018 — Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. Dell EMC Isilon en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.... • https://packetstorm.news/files/id/146404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 2%CPEs: 4EXPL: 3CVE-2018-1201 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1201
14 Feb 2018 — Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. Dell EMC Isilon, en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0... • https://packetstorm.news/files/id/146404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 2%CPEs: 4EXPL: 3CVE-2018-1202 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1202
14 Feb 2018 — Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. Dell EMC Isilon, en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.0.6, así como en l... • https://packetstorm.news/files/id/146404 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 1%CPEs: 3EXPL: 3CVE-2018-1203 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1203
14 Feb 2018 — In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges. En Dell EMC Isilon OneFS, el usuario compadmin puede ejecutar el binario tcpdump con privilegios root. En versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.0.6, el binari... • https://packetstorm.news/files/id/146404 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 3CVE-2018-1204 – Dell EMC Isilon OneFS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1204
14 Feb 2018 — Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges. Dell EMC Isilon OneFS, en versiones entre la 8.1.0.0 y la 8.1.0.1, la 8.0.1.0 y la 8.0.1.2 y entre la 8.0.0.0 y la 8.0.0.6; versiones 7.2.1.x y versión 7.1.1.11, contiene un salto de dir... • https://packetstorm.news/files/id/146404 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •