84 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service. • https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security • CWE-664: Improper Control of a Resource Through its Lifetime •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. • https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees. • https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. • https://www.dell.com/support/kbdoc/en-us/000209895/dell-emc-powerscale-onefs-security-updates-for-multiple-security • CWE-276: Incorrect Default Permissions •

CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0

Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. • https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •