9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.061 Low
EPSS
Percentile
93.4%
Software: file 5.11
OS: Cobalt 7.9
CVE-ID: CVE-2014-9620
CVE-Crit: HIGH
CVE-DESC: ELF parser in files 5.08 through 5.21 allows remote attackers to cause a denial of service with a large number of notes.
CVE-STATUS: Default
CVE-REV: Default
CVE-ID: CVE-2018-1183
CVE-Crit: CRITICAL
CVE-DESC: In Dell EMC Unisphere for VMAX Virtual Appliance version up to 8.4.0.8, Dell EMC Solutions Enabler virtual appliance version up to 8.4.0.8, Dell EMC VASA Vendor Virtual Appliance version up to 8.4.0.512, Dell EMC SMIS version up to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) version up to 1.4.0.347 inclusive, Dell EMC VNX2 Operating Environment (OE) for file versions up to and including 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for block versions up to and including 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for file versions up to and including 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for block versions up to and including 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment ( OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) up to versions 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only when using the Dell EMC Host Interface for Windows), Dell E MC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only when using the Dell EMC host interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating In environment (OE) versions prior to 4.3.0.1522077968 ECOM is prone to XXE injection vulnerability due to the configuration of the XML parser shipped with the product. An XXE Injection attack can occur when an XML input containing a reference to an external object (defined by an attacker) is processed by a vulnerable XML parser. XXE Injection can allow attackers to gain unauthorized access to files containing sensitive information or can be used for denial of service.
CVE-STATUS: Default
CVE-REV: Default
CVE-ID: CVE-2019-18218
CVE-Crit: CRITICAL.
CVE-DESC: cdf_read_property_info in cdf.c in pre-5.37 does not limit the number of CDF_VECTOR elements, allowing a heap-based buffer overflow (write beyond 4 bytes).
CVE-STATUS: default
CVE-REV: default
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.061 Low
EPSS
Percentile
93.4%