CVE-2017-14380
https://notcve.org/view.php?id=CVE-2017-14380
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
• http://seclists.org/fulldisclosure/2017/Dec/41
• http://www.securityfocus.com/bid/102210
• CWE-269: Improper Privilege Management
CVE-2017-14378
https://notcve.org/view.php?id=CVE-2017-14378
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."
• http://seclists.org/fulldisclosure/2017/Nov/48
• http://www.securityfocus.com/bid/101979
• http://www.securitytracker.com/id/1039877
CVE-2017-8019
https://notcve.org/view.php?id=CVE-2017-8019
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.
• http://seclists.org/fulldisclosure/2017/Nov/35
• http://www.securityfocus.com/bid/101991
• CWE-20: Improper Input Validation
CVE-2017-8020
https://notcve.org/view.php?id=CVE-2017-8020
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server.
• http://seclists.org/fulldisclosure/2017/Nov/35
• http://www.securityfocus.com/bid/101995
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14379
https://notcve.org/view.php?id=CVE-2017-14379
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
• http://seclists.org/fulldisclosure/2017/Nov/34
• http://www.securityfocus.com/bid/101925
• http://www.securitytracker.com/id/1039853
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')