Total
79 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-26197 | 1 Dell | 1 Emc Powerscale Onefs | 2022-10-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider. | |||||
CVE-2020-26195 | 1 Dell | 1 Emc Powerscale Onefs | 2022-10-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. | |||||
CVE-2021-36278 | 1 Dell | 1 Emc Powerscale Onefs | 2022-10-06 | 2.1 LOW | 5.5 MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well. | |||||
CVE-2022-23161 | 1 Dell | 1 Emc Powerscale Onefs | 2022-09-30 | 5.0 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service. | |||||
CVE-2022-34378 | 1 Dell | 1 Emc Powerscale Onefs | 2022-09-08 | N/A | 5.5 MEDIUM |
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
CVE-2022-34371 | 1 Dell | 1 Emc Powerscale Onefs | 2022-09-08 | N/A | 9.8 CRITICAL |
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. | |||||
CVE-2022-34369 | 1 Dell | 1 Emc Powerscale Onefs | 2022-09-08 | N/A | 7.5 HIGH |
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. | |||||
CVE-2022-31237 | 1 Dell | 1 Emc Powerscale Onefs | 2022-08-24 | N/A | 3.3 LOW |
Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure. | |||||
CVE-2022-31238 | 1 Dell | 1 Emc Powerscale Onefs | 2022-08-24 | N/A | 5.5 MEDIUM |
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure. | |||||
CVE-2022-32480 | 1 Dell | 1 Emc Powerscale Onefs | 2022-08-24 | N/A | 6.5 MEDIUM |
Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure. | |||||
CVE-2022-33932 | 1 Dell | 1 Emc Powerscale Onefs | 2022-08-24 | N/A | 5.3 MEDIUM |
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services. | |||||
CVE-2021-21502 | 1 Dell | 1 Emc Powerscale Onefs | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity. | |||||
CVE-2021-21568 | 1 Dell | 1 Emc Powerscale Onefs | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change. | |||||
CVE-2021-36282 | 1 Dell | 1 Emc Powerscale Onefs | 2022-05-03 | 2.1 LOW | 3.3 LOW |
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions. | |||||
CVE-2022-24413 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 3.3 LOW | 3.6 LOW |
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. | |||||
CVE-2022-24412 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. | |||||
CVE-2022-24411 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.6 MEDIUM | 7.8 HIGH |
Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. | |||||
CVE-2022-23163 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 2.1 LOW | 5.5 MEDIUM |
Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. | |||||
CVE-2022-23160 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files. | |||||
CVE-2022-23159 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity. |