Total
71 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26852 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. | |||||
CVE-2022-26851 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. | |||||
CVE-2022-24428 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. | |||||
CVE-2022-24413 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 3.3 LOW | 4.4 MEDIUM |
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. | |||||
CVE-2022-24412 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. | |||||
CVE-2022-24411 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. | |||||
CVE-2022-23163 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 4.7 MEDIUM |
Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. | |||||
CVE-2022-23161 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service. | |||||
CVE-2022-23160 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files. | |||||
CVE-2022-23159 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.0 MEDIUM | 4.8 MEDIUM |
Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity. | |||||
CVE-2022-22565 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 5.5 MEDIUM | 4.7 MEDIUM |
Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data. | |||||
CVE-2022-22563 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. | |||||
CVE-2022-22562 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability. | |||||
CVE-2022-22561 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. | |||||
CVE-2022-22560 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. | |||||
CVE-2022-22559 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure. | |||||
CVE-2022-22550 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over. | |||||
CVE-2022-22549 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials. | |||||
CVE-2021-36305 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. | |||||
CVE-2021-36282 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 2.5 LOW |
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions. |