VYPR

Scaleio

by EMC Corporation

CVEs (8)

  • CVE-2018-1237CriMar 27, 2018
    risk 0.64cvss 9.8epss 0.02

    Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote…

  • CVE-2017-8020CriNov 28, 2017
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server.

  • CVE-2016-9867HigJan 6, 2017
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers.

  • CVE-2018-1238HigMar 27, 2018
    risk 0.49cvss 7.5epss 0.02

    Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access…

  • CVE-2018-1205HigMar 27, 2018
    risk 0.49cvss 7.5epss 0.01

    Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash.

  • CVE-2017-8019HigNov 28, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.

  • CVE-2016-9869MedJan 6, 2017
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable.

  • CVE-2016-9868MedJan 6, 2017
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next…