CVE-2022-45099
https://notcve.org/view.php?id=CVE-2022-45099
01 Feb 2023 — Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for an NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise. • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-261: Weak Encoding for Password; CWE-276: Incorrect Default Permissions
CVE-2022-45098
https://notcve.org/view.php?id=CVE-2022-45098
01 Feb 2023 — Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in the S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-312: Cleartext Storage of Sensitive Information; CWE-532: Insertion of Sensitive Information into Log File
CVE-2022-45096
https://notcve.org/view.php?id=CVE-2022-45096
01 Feb 2023 — Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain a User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-355: User Interface Security Issues; CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2022-45097
https://notcve.org/view.php?id=CVE-2022-45097
01 Feb 2023 — Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges and information disclosure. • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-842: Placement of User into Incorrect Group
CVE-2022-45095
https://notcve.org/view.php?id=CVE-2022-45095
01 Feb 2023 — Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user with access to a local shell and the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to arbitrary command execution, denial of service, information disclosure, and data deletion. • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-45101
https://notcve.org/view.php?id=CVE-2022-45101
01 Feb 2023 — Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-269: Improper Privilege Management; CWE-274: Improper Handling of Insufficient Privileges
CVE-2022-34439
https://notcve.org/view.php?id=CVE-2022-34439
21 Oct 2022 — Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x, contain an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node. • https://www.dell.com/support/kbdoc/en-us/000204053/dsa-2022-245-dell-emc-powerscale-onefs-security-update-for-multiple-security-updates • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2022-34438
https://notcve.org/view.php?id=CVE-2022-34438
21 Oct 2022 — Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. • https://www.dell.com/support/kbdoc/en-us/000204053/dsa-2022-245-dell-emc-powerscale-onefs-security-update-for-multiple-security-updates • CWE-269: Improper Privilege Management
CVE-2022-34437
https://notcve.org/view.php?id=CVE-2022-34437
21 Oct 2022 — Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. • https://www.dell.com/support/kbdoc/en-us/000204053/dsa-2022-245-dell-emc-powerscale-onefs-security-update-for-multiple-security-updates • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-31239
https://notcve.org/view.php?id=CVE-2022-31239
21 Oct 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain a sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. • https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en • CWE-532: Insertion of Sensitive Information into Log File