cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-5355,https://securityvulnerability.io/vulnerability/CVE-2020-5355,SSH Process Flaw in Dell Isilon OneFS Affects Remote Support Access,"The Dell Isilon OneFS versions prior to 8.2.2 contain an improper access control vulnerability in the SSHD process. This flaw allows the remotesupport user and other users with restricted shells to gain unauthorized access through Transmission Control Protocol (TCP) and stream forwarding. As a result, the functionality intended for limited access may be exploited, potentially compromising the security posture of systems utilizing these affected versions.",Dell,Isilon Onefs,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-10-21T18:15:00.000Z,0
CVE-2020-5353,https://securityvulnerability.io/vulnerability/CVE-2020-5353,,The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.,Dell,Isilon Onefs,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-07-29T16:15:00.000Z,0
CVE-2020-5369,https://securityvulnerability.io/vulnerability/CVE-2020-5369,,Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.,Dell,Isilon Onefs,8.8,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2020-09-02T21:15:00.000Z,0
CVE-2020-5383,https://securityvulnerability.io/vulnerability/CVE-2020-5383,,Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.,Dell,Isilon Onefs,5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2020-08-27T19:15:00.000Z,0
CVE-2020-5371,https://securityvulnerability.io/vulnerability/CVE-2020-5371,,"Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.",Dell,Isilon Onefs,8,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2020-07-06T18:15:00.000Z,0
CVE-2020-5365,https://securityvulnerability.io/vulnerability/CVE-2020-5365,,"Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.",Dell,Isilon Onefs,5.3,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2020-05-20T21:15:00.000Z,0
CVE-2020-5364,https://securityvulnerability.io/vulnerability/CVE-2020-5364,,"Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.",Dell,Isilon Onefs,5.3,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2020-05-20T21:15:00.000Z,0
CVE-2020-5347,https://securityvulnerability.io/vulnerability/CVE-2020-5347,,"Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.",Dell,Isilon Onefs,5.3,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-04-04T00:15:00.000Z,0
CVE-2020-5328,https://securityvulnerability.io/vulnerability/CVE-2020-5328,,"Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.",Dell,Isilon Onefs,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-03-06T21:15:00.000Z,0
CVE-2020-5318,https://securityvulnerability.io/vulnerability/CVE-2020-5318,,"Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.",Dell,Isilon Onefs,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2020-02-06T18:15:00.000Z,0
CVE-2018-11071,https://securityvulnerability.io/vulnerability/CVE-2018-11071,"DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability ","Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.",Dell,"Isilon Onefs,Isilonsd Edge",7.5,HIGH,0.0016400000313296914,false,,false,false,false,,,false,false,,2018-09-18T21:00:00.000Z,0
CVE-2018-1204,https://securityvulnerability.io/vulnerability/CVE-2018-1204,,"Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.",Dell,Isilon Onefs,6.7,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2018-03-26T18:29:00.000Z,0
CVE-2018-1203,https://securityvulnerability.io/vulnerability/CVE-2018-1203,,"In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.",Dell,Isilon Onefs,6.7,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2018-03-26T18:29:00.000Z,0
CVE-2018-1202,https://securityvulnerability.io/vulnerability/CVE-2018-1202,,"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",Dell,Isilon Onefs,4.8,MEDIUM,0.01181000005453825,false,,false,false,false,,,false,false,,2018-03-26T18:29:00.000Z,0
CVE-2018-1189,https://securityvulnerability.io/vulnerability/CVE-2018-1189,,"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",Dell,Isilon Onefs,4.8,MEDIUM,0.01181000005453825,false,,false,false,false,,,false,false,,2018-03-26T18:29:00.000Z,0
CVE-2018-1201,https://securityvulnerability.io/vulnerability/CVE-2018-1201,,"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",Dell,Isilon Onefs,4.8,MEDIUM,0.01181000005453825,false,,false,false,false,,,false,false,,2018-03-26T18:29:00.000Z,0
CVE-2018-1187,https://securityvulnerability.io/vulnerability/CVE-2018-1187,,"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",Dell,Isilon Onefs,4.8,MEDIUM,0.011869999580085278,false,,false,false,false,,,false,false,,2018-03-26T18:29:00.000Z,0
CVE-2018-1188,https://securityvulnerability.io/vulnerability/CVE-2018-1188,,"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",Dell,Isilon Onefs,4.8,MEDIUM,0.01181000005453825,false,,false,false,false,,,false,false,,2018-03-26T18:29:00.000Z,0
CVE-2018-1186,https://securityvulnerability.io/vulnerability/CVE-2018-1186,,"Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.",Dell,Isilon Onefs,4.8,MEDIUM,0.01181000005453825,false,,false,false,false,,,false,false,,2018-03-26T18:29:00.000Z,0
CVE-2018-1213,https://securityvulnerability.io/vulnerability/CVE-2018-1213,,"Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.",Dell,Isilon Onefs,8.8,HIGH,0.004879999905824661,false,,false,false,false,,,false,false,,2018-03-26T18:29:00.000Z,0