
CVE-2017-14387 – EMC Isilon OneFS NFS Export Security Setting Fallback
https://notcve.org/view.php?id=CVE-2017-14387
20 Dec 2017 — The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may pot... • http://seclists.org/fulldisclosure/2017/Dec/78 •

CVE-2017-14380 – EMC Isilon OneFS Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-14380
13 Dec 2017 — In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode. • http://seclists.org/fulldisclosure/2017/Dec/41 • CWE-269: Improper Privilege Management •

CVE-2017-14378 – RSA Authentication Agent SDK for C Error Handling
https://notcve.org/view.php?id=CVE-2017-14378
27 Nov 2017 — EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability." A security vulnerability in RSA Authentication Agent API/SDK for C versions 8.5 and 8.6 could potentially lead to authentication bypass in certain limited i... • http://seclists.org/fulldisclosure/2017/Nov/48 •

CVE-2017-14379 – RSA Authentication Manager 8.2 SP1 P5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-14379
21 Nov 2017 — EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. RSA Authentication Manager versions 8.2 SP1 P5 and below suffer from a stored cross site scripting vul... • http://seclists.org/fulldisclosure/2017/Nov/34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-8019 – EMC ScaleIO 2.0.1.x DoS / Buffer Overflow / Information Disclosure
https://notcve.org/view.php?id=CVE-2017-8019
21 Nov 2017 — An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation. • http://seclists.org/fulldisclosure/2017/Nov/35 • CWE-20: Improper Input Validation •

CVE-2017-8020 – EMC ScaleIO 2.0.1.x DoS / Buffer Overflow / Information Disclosure
https://notcve.org/view.php?id=CVE-2017-8020
21 Nov 2017 — An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server. EMC ScaleIO versions 2.0.1.3, 2.0.1.2, 2.0.1.1, and 2.0.1 su... • http://seclists.org/fulldisclosure/2017/Nov/35 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-14375 – EMC Unisphere For VMAX vApp Manager ORBServlet Remote Credential Creation Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-14375
31 Oct 2017 — EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. • http://seclists.org/fulldisclosure/2017/Oct/70 • CWE-290: Authentication Bypass by Spoofing •

CVE-2017-14376 – EMC AppSync Server Hardcoded Password
https://notcve.org/view.php?id=CVE-2017-14376
31 Oct 2017 — EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. EMC AppSync contains database accounts with hardcoded passwords that could potentially be exploited by malicious us... • http://seclists.org/fulldisclosure/2017/Oct/68 • CWE-798: Use of Hard-coded Credentials •

CVE-2017-14373 – RSA Authentication Manager 8.2 SP1 P4 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-14373
27 Oct 2017 — EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. RSA Authentication Manager version 8.2 SP1 Patch 5 contains a fix for a reflected cross site ... • http://seclists.org/fulldisclosure/2017/Oct/62 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-8022 – EMC NetWorker Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-8022
16 Oct 2017 — An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform. • http://seclists.org/fulldisclosure/2017/Oct/35 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •