CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-11071 – DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability
https://notcve.org/view.php?id=CVE-2018-11071
07 Sep 2018 — Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted. Dell EMC Isilon OneFS en versiones 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1... • https://seclists.org/fulldisclosure/2018/Sep/19 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-14387 – EMC Isilon OneFS NFS Export Security Setting Fallback
https://notcve.org/view.php?id=CVE-2017-14387
20 Dec 2017 — The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may pot... • http://seclists.org/fulldisclosure/2017/Dec/78 •
CVSS: 7.2EPSS: 0%CPEs: 26EXPL: 0CVE-2017-14380 – EMC Isilon OneFS Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-14380
13 Dec 2017 — In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode. En EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1... • http://seclists.org/fulldisclosure/2017/Dec/41 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2017-8024 – EMC Isilon OneFS Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-8024
16 Oct 2017 — EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system. EMC Isilon OneFS (versiones anteriores a la 8.1.0.1, 8.0.1.2 y 8.0.0.6 y en versiones 7.2.1.x) se ha visto afectado por una vulnerabilidad de Cross-Site Scripting reflejado que podría ser explotada por usuarios maliciosos para comprometer el sist... • http://seclists.org/fulldisclosure/2017/Oct/34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 30EXPL: 0CVE-2017-4988 – EMC Isilon OneFS Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-4988
21 Jun 2017 — EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. EMC Isilon OneFS en versiones 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4 y 7.1.x se ha visto afectado por una vulnerabilidad de escalado de privilegios que podría ser explotada por atacantes para comprometer el sistema afectado. EMC Isilon OneFS is affected by a privilege escalation vulnerability that could po... • http://www.securityfocus.com/archive/1/540755/30/0/threaded •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2017-4979 – EMC Isilon OneFS NFS Export Upgrade
https://notcve.org/view.php?id=CVE-2017-4979
11 May 2017 — EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports. Isilon OneFS versión 8.0.1.0, OneFS versiones 8.0.0.0 - 8.0.0.2, OneFS versiones 7.2.1.0 - 7.2.1.3 y OneFS versiones 7.2.0.x de EMC, están afectadas por una vulnerabilidad de exportación de NFS. Bajo ciertas condiciones, despué... • http://www.securityfocus.com/archive/1/540551/30/0/threaded •
CVSS: 7.5EPSS: 2%CPEs: 24EXPL: 0CVE-2017-4980 – EMC Isilon OneFS Path Traversal
https://notcve.org/view.php?id=CVE-2017-4980
29 Mar 2017 — EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1. EMC Isilon OneFS es afectada por una vulnerabilidad de recorrido transversal que potencialmente puede ser explotada por los atacantes para comprometer el sistema afectado. Las versiones afectadas son 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3 y 8.0.0 - 8.0.0.1. EMC Isilon OneFS versions 7.1.0 thro... • http://www.securityfocus.com/archive/1/540338/30/0/threaded • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 26EXPL: 0CVE-2016-9870 – EMC Isilon OneFS LDAP Injection
https://notcve.org/view.php?id=CVE-2016-9870
18 Jan 2017 — EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10 y EMC Isilon OneFS 7.1.0.x está afectado por una vulnerabilidad de inyección LDAP que podría ser potencia... • http://www.securityfocus.com/archive/1/540020/30/0/threaded • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 5.9EPSS: 0%CPEs: 23EXPL: 0CVE-2016-0907 – EMC Isilon OneFS SMB Man-In-The-Middle
https://notcve.org/view.php?id=CVE-2016-0907
27 May 2016 — EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115. EMC Isilon OneFS 7.1.x y 7.2.x en versiones anteriores a 7.2.1.3 y 8.0.x en versiones anteriores a 8.0.0.1 e IsilonSD Edge OneFS 8.0.x en versiones anteriores a 8.0.0.1, no requiere la... • http://seclists.org/bugtraq/2016/May/117 • CWE-254: 7PK - Security Features •