CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11064 – Dell EMC Unity Family 4.3.0.x / 4.3.1.x Incorrect File Permissions
https://notcve.org/view.php?id=CVE-2018-11064
28 Sep 2018 — Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability. Dell EMC Unity OE en versiones 4.3.0.x y 4.3.1.x y UnityVSA OE en versiones 4.3.0.x y 4.3.1.x c... • http://www.securityfocus.com/bid/105447 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1246 – Dell EMC Unity Authorization Bypass / XSS / URL Redirection
https://notcve.org/view.php?id=CVE-2018-1246
19 Sep 2018 — Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser. Dell EMC Unity y UnityVSA contiene una vulnerabilidad de Cross-Site Scripting (XSS) reflejado. Un atacante remoto no autenticado podría explotar esta vulnerabilidad engañando a ... • https://seclists.org/fulldisclosure/2018/Sep/30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2018-1239 – Dell EMC Unity Family OS Command Injection
https://notcve.org/view.php?id=CVE-2018-1239
04 May 2018 — Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. Dell EMC Unity Operating Environment (OE) en versiones anteriores a la 4.3.0.1522077968 se ve afectado por múltiples vulnerabilidades de inyección de comandos de sistema operativo. Un usuario de ad... • http://seclists.org/fulldisclosure/2018/May/15 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0CVE-2018-1183
https://notcve.org/view.php?id=CVE-2018-1183
30 Apr 2018 — In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.23... • http://seclists.org/fulldisclosure/2018/Apr/61 • CWE-611: Improper Restriction of XML External Entity Reference •