History: Jul 02, 2021 - 4:40 p.m.

Advisory ROSA-SA-2021-1833

2021-07-02 16:40:28
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.7 High
Confidence: Low

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.061 Low
Percentile: 93.4%

Software: file 5.11
OS: Cobalt 7.9

CVE-ID: CVE-2014-9620
CVE-Crit: HIGH
CVE-DESC: The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2018-1183
CVE-Crit: CRITICAL
CVE-DESC: In Dell EMC Unisphere for VMAX Virtual Appliance versions up to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions up to 8.4.0.8, Dell EMC VASA Vendor Virtual Appliance versions up to 8.4.0.512, Dell EMC SMIS versions up to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions up to 1.4.0.347 inclusive, Dell EMC VNX2 Operating Environment (OE) for file versions up to and including 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for block versions up to and including 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for file versions up to and including 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for block versions up to and including 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions up to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only when using the Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only when using the Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, and Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is prone to an XXE injection vulnerability due to the configuration of the XML parser shipped with the product. An XXE injection attack can occur when XML input containing a reference to an external entity (defined by an attacker) is processed by a vulnerable XML parser. XXE injection can allow attackers to gain unauthorized access to files containing sensitive information or can be used for denial of service.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2019-18218
CVE-Crit: CRITICAL
CVE-DESC: cdf_read_property_info in cdf.c in file before 5.37 does not limit the number of CDF_VECTOR elements, allowing a heap-based buffer overflow (4-byte out-of-bounds write).
CVE-STATUS: Default
CVE-REV: Default

OS      Version  Architecture  Package  Version  Filename
Cobalt  any      noarch        file     < 5.11   UNKNOWN
