301 matches found
CVE-2018-1187
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 are affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or...
CVE-2018-1186
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially...
Cross-site scripting
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may...
CVE-2018-1202
CVE-2018-1202 is a cross-site scripting vulnerability in the Dell EMC Isilon OneFS NDMP web page. The weakness arises in the OneFS Web administration interface where NDMP page input can inject HTML/JS into the user’s browser session. Affected are Isilon OneFS versions 8.0.0.0–8.0.0.6, 8.0.1.0–8.0...
CVE-2018-1201
Dell EMC Isilon OneFS Web Console (Job Operations Page) is affected by cross-site scripting (CVE-2018-1201) across multiple releases (8.0.x, 8.1.x, 7.2.1.x, 7.1.1.11). Root cause: insufficient input sanitization in several endpoints (e.g., job/policies, cluster/identity, network, etc.) that proce...
CVE-2018-1203
In Dell EMC Isilon OneFS, the compadmin is able to run the tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges...
CVE-2018-1189
CVE-2018-1189 affects Dell EMC Isilon OneFS Web Console (Antivirus page) and is a cross-site scripting vulnerability. The issue arises in the Antivirus page of the OneFS web administration interface, enabling a malicious administrator to inject arbitrary HTML/JavaScript in a user’s browser sessio...
CVE-2018-1189
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially...
CVE-2018-1187
Dell EMC Isilon OneFS (web UI) vulnerabilities: multiple XSS issues in the Network Configuration and related Web Console endpoints (CVE-2018-1187 and related CVEs such as 2018-1186, 1188, 1189, 1201–1204, 1213) allow remote injection of HTML/JS by authenticated users. Industry advisories (Core Se...
CVE-2018-1213
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and versions 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized reques...
CVE-2018-1188
CVE-2018-1188 is a cross-site scripting vulnerability affecting Dell EMC Isilon OneFS Web UI (Authorization Providers page). Affected are OneFS versions 8.1.0.0–8.1.0.1, 8.0.1.0–8.0.1.2, 8.0.0.0–8.0.0.6, and 7.2.1.x. The issue arises from XSS in the Authorization Providers page, allowing injectio...
CVE-2018-1186
Dell EMC Isilon OneFS Web Console (Cluster description) contains cross-site scripting vulnerabilities across multiple versions. Affected: OneFS Web administration interface in Isilon clusters running 7.1.1.11, 7.2.1.x, 8.0.0.0–8.0.0.6, 8.0.1.0–8.0.1.2, 8.1.0.0–8.1.0.1. The root cause is insuffici...
CVE-2018-1213
CVE-2018-1213 refers to cross-site request forgery vulnerabilities in Dell EMC Isilon OneFS. Affected versions include OneFS 8.1.0.0–8.1.0.1, 8.0.1.0–8.0.1.2, 8.0.0.0–8.0.0.6, 7.2.1.x, 7.1.1.11, and 8.1.0.2. The issue arises from the Web console lacking anti-CSRF protections, allowing an authenti...
CVE-2018-1203
Overview: CVE-2018-1203 affects Dell EMC Isilon OneFS. CORE Security CORE-2017-0009 describes multiple vulnerabilities in the OneFS Web console, including a local privilege escalation path where the compadmin can exploit sudo to run tcpdump with root privileges. This enables arbitrary root comman...
CVE-2018-1202
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or...
CVE-2018-1204
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isiphonehome tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary...
CVE-2018-1188
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x are affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially injec...