Total
79 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22565 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 5.5 MEDIUM | 3.8 LOW |
Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data. | |||||
CVE-2022-22562 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability. | |||||
CVE-2022-22561 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. | |||||
CVE-2022-22560 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. | |||||
CVE-2022-22559 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure. | |||||
CVE-2022-22550 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over. | |||||
CVE-2022-22563 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 2.1 LOW | 4.4 MEDIUM |
Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. | |||||
CVE-2022-24428 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. | |||||
CVE-2022-26851 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 6.4 MEDIUM | 9.1 CRITICAL |
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. | |||||
CVE-2022-26852 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. | |||||
CVE-2022-26854 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 10.0 HIGH | 9.8 CRITICAL |
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access | |||||
CVE-2022-26855 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 2.1 LOW | 5.5 MEDIUM |
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. | |||||
CVE-2021-21561 | 1 Dell | 1 Emc Powerscale Onefs | 2021-11-26 | 2.1 LOW | 5.5 MEDIUM |
Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. | |||||
CVE-2021-36305 | 1 Dell | 1 Emc Powerscale Onefs | 2021-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. | |||||
CVE-2021-21528 | 1 Dell | 1 Emc Powerscale Onefs | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions. | |||||
CVE-2020-26181 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2021-10-04 | 7.2 HIGH | 7.8 HIGH |
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges. | |||||
CVE-2020-26191 | 1 Dell | 1 Emc Powerscale Onefs | 2021-09-14 | 4.6 MEDIUM | 7.8 HIGH |
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users. | |||||
CVE-2021-36281 | 1 Dell | 1 Emc Powerscale Onefs | 2021-08-24 | 6.5 MEDIUM | 8.8 HIGH |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. | |||||
CVE-2021-36280 | 1 Dell | 1 Emc Powerscale Onefs | 2021-08-24 | 2.1 LOW | 5.5 MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. | |||||
CVE-2021-21599 | 1 Dell | 1 Emc Powerscale Onefs | 2021-08-24 | 4.6 MEDIUM | 6.7 MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. |