CVSS: 9.0EPSS: 1%CPEs: 9EXPL: 0CVE-2021-36296
https://notcve.org/view.php?id=CVE-2021-36296
25 Jan 2022 — Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. Dell VNX2 OE for File versiones 8.1.21.266 y anteriores, contienen una vulnerabilidad de ejecución de código remoto autenticado. Un usuario remoto malicioso con privilegios puede aprovechar esta vulnerabilidad para ejecutar comandos en el sistema • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 9EXPL: 0CVE-2021-36295
https://notcve.org/view.php?id=CVE-2021-36295
25 Jan 2022 — Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. Dell VNX2 OE for File versiones 8.1.21.266 y anteriores contienen una vulnerabilidad de ejecución de código remoto autenticado. Un usuario remoto malicioso con privilegios puede aprovechar esta vulnerabilidad para ejecutar comandos en el sistema • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-36294
https://notcve.org/view.php?id=CVE-2021-36294
25 Jan 2022 — Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user. Dell VNX2 OE for File versiones 8.1.21.266 y anteriores, contienen una vulnerabilidad de omisión de autenticación. Un atacante remoto no autenticado puede explotar esta vulnerabilidad al falsificar una cookie para iniciar sesión como cualquier usuario • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-36289
https://notcve.org/view.php?id=CVE-2021-36289
25 Jan 2022 — Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. Dell VNX2 OE for File versiones 8.1.21.266 y anteriores, contienen una vulnerabilidad de divulgación de información confidencial. Un usuario local malicioso puede aprovechar esta vulnerabilidad para leer información confidencial y usarla • https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43589
https://notcve.org/view.php?id=CVE-2021-43589
24 Jan 2022 — Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. Dell EMC Unity, Dell EMC UnityVSA y Dell EMC Unity XT versiones anteriores a 5.1.2.... • https://www.dell.com/support/kbdoc/en-us/000194836/dsa-2021-271-dell-emc-unity-dell-emc-unity-vsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilities • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21591
https://notcve.org/view.php?id=CVE-2021-21591
12 Jul 2021 — Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.1.0.5.394, contienen una vulnerabilidad de almacenamiento de contraseñas en texto plano. Un usuario local malicioso con altos privilegios puede usar la contraseña expuesta para conseguir acceso ... • https://www.dell.com/support/kbdoc/000189204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21590
https://notcve.org/view.php?id=CVE-2021-21590
12 Jul 2021 — Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.1.0.5.394, contienen una vulnerabilidad en el almacenamiento de contraseñas de texto plano. Un usuario local malicioso con altos privilegios puede usar la contraseña expuesta para conseguir acce... • https://www.dell.com/support/kbdoc/000189204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21589
https://notcve.org/view.php?id=CVE-2021-21589
12 Jul 2021 — Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges. Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.1.0.5.394, no escapan en un fallo de inicialización. Un usuario local autenticado del Servicio podría explotar potencialmente esta vulnerabilidad para escalar privilegios • https://www.dell.com/support/kbdoc/000189204 •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21547
https://notcve.org/view.php?id=CVE-2021-21547
30 Apr 2021 — Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Dell EMC Unity, UnityVSA y Unity XT versiones anteriores a 5.0.7.0.5.008 contienen una vulnerabilidad de almacenamiento d... • https://www.dell.com/support/kbdoc/000185484 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29490
https://notcve.org/view.php?id=CVE-2020-29490
05 Jan 2021 — Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. Las versiones de Dell EMC Unity, Unity XT y UnityVSA versiones anteriores a 5.0.4.0.5.012, contienen una vulnerabilidad de Denegación de Servicio en Servidores NAS con exportaciones NFS. ... • https://www.dell.com/support/kbdoc/000181248 • CWE-400: Uncontrolled Resource Consumption •