CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2021-36318 – Gentoo Linux Security Advisory 202210-09
https://notcve.org/view.php?id=CVE-2021-36318
21 Dec 2021 — Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. Dell EMC Avamar versiones 18.2,19.1,19.2,19.3,19.4, contienen una vulnerabilidad de almacenamiento de contraseñas en texto plano. Un usuario con muchos privilegios podría explotar esta vulnerabilidad, conllevando a una interrupción completa Multiple vulnerabilities have been discovered in Rust, the worst of w... • https://security.gentoo.org/glsa/202210-09 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36317 – Gentoo Linux Security Advisory 202210-09
https://notcve.org/view.php?id=CVE-2021-36317
21 Dec 2021 — Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC Avamar Server versión 19.4, contiene una vulnerabilidad de almacenamiento de contraseñas de texto plano en AvInstaller. Un atacante local podrí... • https://security.gentoo.org/glsa/202210-09 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-36316
https://notcve.org/view.php?id=CVE-2021-36316
21 Dec 2021 — Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI. Dell EMC Avamar Server versiones 18.2, 19.1, 19.2, 19.3 y 19.4, contienen una vulnerabilidad de administración de privilegios inapropiada en AUI. Un usuario malicioso con altos privilegios podría explota... • https://www.dell.com/support/kbdoc/000193369 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5329
https://notcve.org/view.php?id=CVE-2020-5329
29 Jul 2021 — Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. Dell EMC Avamar Server, contiene una vulnerabilidad de redirección abierta. Un atacante no autenticado remoto puede explotar esta vulnerabilidad para redirigir a usuarios de la aplicación a URLs web arbitrarias al engañar a usuarios víctimas para que hagan clic e... • https://www.dell.com/support/security/en-us/details/541529/DSA-2020-046-Dell-EMC-Avamar-Server-Open-Redirect-Vulnerability • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 12%CPEs: 13EXPL: 0CVE-2020-5341
https://notcve.org/view.php?id=CVE-2020-5341
28 Jul 2021 — Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system. Vulnerabilidad de deserialización de datos no confiables Las versiones 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 y... • https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.2EPSS: 0%CPEs: 10EXPL: 0CVE-2019-3752
https://notcve.org/view.php?id=CVE-2019-3752
16 Jul 2021 — Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request. Dell EMC Avamar Server versiones 7.4.1, 7.5.0, 7.5.1, 18.2 y 19.1 de y ... • https://www.dell.com/support/security/en-us/details/537853/DSA-2019-119-Dell-EMC-Avamar-XML-External-Entity-Injection-Vulnerability • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21511
https://notcve.org/view.php?id=CVE-2021-21511
15 Feb 2021 — Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data. Dell EMC Avamar Server, versiones 19.3 y 19.4, contienen una vulnerabilidad de Autorización Inapropiada en la Interfaz de Usuario web. Un atacante remoto con pocos privilegios podría aprovechar esta vulnerabilidad para obtener acceso no aut... • https://www.dell.com/support/kbdoc/en-us/000182926/dsa-2021-033-dell-emc-avamar-server-improper-authorization-vulnerability • CWE-285: Improper Authorization •
CVSS: 10.0EPSS: 15%CPEs: 5EXPL: 0CVE-2020-29495
https://notcve.org/view.php?id=CVE-2020-29495
14 Jan 2021 — DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the ea... • https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.7EPSS: 1%CPEs: 5EXPL: 0CVE-2020-29494
https://notcve.org/view.php?id=CVE-2020-29494
14 Jan 2021 — Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files. Dell EMC Avamar Server, versiones 19.1, 19.2, 19.3, contiene una vulnerabilidad de salto de ruta en PDM. Un usuario remoto podría aprovechar esta vulnerabilidad para conseguir acceso de escritura no autorizado a los archiv... • https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 5%CPEs: 5EXPL: 0CVE-2020-29493
https://notcve.org/view.php?id=CVE-2020-29493
14 Jan 2021 — DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunit... • https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •