Code injection
Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash...
CVE-2018-1205
Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash...
CVE-2018-1238
Dell EMC ScaleIO versions prior to 2.5 contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge...
CVE-2018-1237
Dell EMC ScaleIO versions prior to 2.5 contain improper restriction of excessive authentication attempts on the Light Installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having...
Input validation
Dell EMC ScaleIO versions prior to 2.5 contain improper restriction of excessive authentication attempts on the Light Installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having...
CVE-2018-1238
Dell EMC ScaleIO prior to version 2.5 is affected by CVE-2018-1238 due to a command-injection flaw in the Light Installation Agent (LIA), which handles deployment management and uses shell commands. A remote attacker with network access to LIA and knowledge of the LIA administrative password coul...
CVE-2018-1205
Dell EMC ScaleIO (pre-2.5) is affected by CVE-2018-1205 due to improper handling of packet data in the MDM service. A remote attacker could exploit crafted packets to crash the MDM service. The CVE is documented with a CVSS v3 base score of 7.5 (HIGH) and CVSS v2 base score of 5.0 (MEDIUM). Publi...
CVE-2018-1237
CVE-2018-1237 affects Dell EMC ScaleIO versions prior to 2.5. The vulnerability resides in the Light Installation Agent (LIA) and stems from improper restriction of excessive authentication attempts. A remote attacker with network access to LIA could brute-force usernames and passwords on LIA-man...
A vulnerability in the EMC ScaleIO storage network debugging service allows an attacker to execute arbitrary commands.
The vulnerability in the EMC ScaleIO Storage Network Debugging service (SDBG) is caused by a buffer overflow. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands with root privileges...
CVE-2017-8020
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server...
CVE-2017-8001
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the...
Design/Logic Flaw
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation...
CVE-2017-8019
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation...
Design/Logic Flaw
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the...
Buffer overflow
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server...