CVE-2021-36296
https://notcve.org/view.php?id=CVE-2021-36296
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. Dell VNX2 OE for File versiones 8.1.21.266 y anteriores, contienen una vulnerabilidad de ejecución de código remoto autenticado. Un usuario remoto malicioso con privilegios puede aprovechar esta vulnerabilidad para ejecutar comandos en el sistema • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-36295
https://notcve.org/view.php?id=CVE-2021-36295
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. Dell VNX2 OE for File versiones 8.1.21.266 y anteriores contienen una vulnerabilidad de ejecución de código remoto autenticado. Un usuario remoto malicioso con privilegios puede aprovechar esta vulnerabilidad para ejecutar comandos en el sistema • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-36294
https://notcve.org/view.php?id=CVE-2021-36294
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user. Dell VNX2 OE for File versiones 8.1.21.266 y anteriores, contienen una vulnerabilidad de omisión de autenticación. Un atacante remoto no autenticado puede explotar esta vulnerabilidad al falsificar una cookie para iniciar sesión como cualquier usuario • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy •
CVE-2021-36289
https://notcve.org/view.php?id=CVE-2021-36289
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. Dell VNX2 OE for File versiones 8.1.21.266 y anteriores, contienen una vulnerabilidad de divulgación de información confidencial. Un usuario local malicioso puede aprovechar esta vulnerabilidad para leer información confidencial y usarla • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2021-43589
https://notcve.org/view.php?id=CVE-2021-43589
Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. Dell EMC Unity, Dell EMC UnityVSA y Dell EMC Unity XT versiones anteriores a 5.1.2.0.5.007, contienen una vulnerabilidad de inyección de comandos del sistema operativo (SO). Un usuario autenticado localmente con altos privilegios puede potencialmente explotar esta vulnerabilidad, conllevando a una ejecución de comandos arbitrarios del SO en el SO subyacente de Unity, con los privilegios de la aplicación vulnerable. • https://www.dell.com/support/kbdoc/en-us/000194836/dsa-2021-271-dell-emc-unity-dell-emc-unity-vsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilities • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •