CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-34378
https://notcve.org/view.php?id=CVE-2022-34378
02 Sep 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. Dell PowerScale OneFS, versiones 9.0.0 hasta 9.1.0.20, 9.2.1.13, 9.3.0.6 y 9.4.0.3 incluyéndola, contienen una vulnerabilidad de salto de ruta relativa. Un atacante local poco privilegiado podría explotar esta vulnerabilidad, conllevando a una denegación ... • https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-34371
https://notcve.org/view.php?id=CVE-2022-34371
02 Sep 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. Dell PowerScale OneFS, versiones 9.0.0 hasta 9.1.0.19, 9.2.1.12, 9.3.0.6 y 9.4.0.3 incluyéndola, contienen una vulnerabilidad de transporte de credenciales sin protección. Un atacante malicioso no privilegiado en la red podría... • https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-34369
https://notcve.org/view.php?id=CVE-2022-34369
02 Sep 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. Dell PowerScale OneFS, versiones 9.0.0 hasta 9.1.0.20, 9.2.1.13, 9.3.0.6 y 9.4.0.3 incluyéndola, contienen una vulnerabilidad de inserción de información confidencial en archivos de registro. Un atacante remoto no pr... • https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33932
https://notcve.org/view.php?id=CVE-2022-33932
22 Aug 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services. Dell PowerScale OneFS, versiones 9.0.0 hasta 9.1.0.19, 9.2.1.12, 9.3.0.6 y 9.4.0.2 incluyéndola, contienen una vulnerabilidad de canal primario no protegido. Un atacante malintencionado no autenticado en la red puede explota... • https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en • CWE-419: Unprotected Primary Channel •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32480
https://notcve.org/view.php?id=CVE-2022-32480
22 Aug 2022 — Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure. Dell PowerScale OneFS, versiones 9.0.0, hasta 9.1.0.19, 9.2.1.12, 9.3.0.6 y 9.4.0.2 incluyéndola, contienen una vulnerabilidad de inicialización por defecto de un recurso. Un atacante remoto autenticado puede potencialmente expl... • https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31238
https://notcve.org/view.php?id=CVE-2022-31238
22 Aug 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure. Dell PowerScale OneFS, versiones 9.0.0 hasta 9.1.0.19, 9.2.1.12, 9.3.0.6, y 9.4.0.2 incluyéndola, contienen una vulnerabilidad de proceso invocado con información confidencial. Un usuario de la CLI puede explotar potencialmente esta vulnerabilidad, conll... • https://www.dell.com/support/kbdoc/en-gh/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31237
https://notcve.org/view.php?id=CVE-2022-31237
22 Aug 2022 — Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure. Dell PowerScale OneFS, versiones 9.2.0 hasta 9.2.1.12 y 9.3.0.5 incluyéndola, contienen una vulnerabilidad de conservación inapropiada de permisos en SyncIQ. Un atacante local poco privilegiado podría explotar esta vulnerabilidad, conllevand... • https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en • CWE-281: Improper Preservation of Permissions •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24413
https://notcve.org/view.php?id=CVE-2022-24413
12 Apr 2022 — Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. Dell PowerScale OneFS, versiones 8.2.2-9.3.x, contienen una vulnerabilidad de tiempo de comprobación a tiempo de uso. Un usuario local con acceso al sistema de archivos podría explotar esta vulnerabilidad, conllevando a una pérdida de datos • https://www.dell.com/support/kbdoc/000196657 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24412
https://notcve.org/view.php?id=CVE-2022-24412
12 Apr 2022 — Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. Dell EMC PowerScale OneFS versiones 8.2.x - 9.3.0.x, contienen una vulnerabilidad de manejo inapropiado de valores. Un atacante de red no privilegiado podría explotar esta vulnerabilidad, conllevando a una denegación de servicio • https://www.dell.com/support/kbdoc/000196657 • CWE-229: Improper Handling of Values •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24411
https://notcve.org/view.php?id=CVE-2022-24411
12 Apr 2022 — Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. Dell PowerScale OneFS versiones 8.2.2 y superiores, contienen una vulnerabilidad de elevación de privilegios. Un atacante local con ISI_PRIV_LOGIN_SSH y/o ISI_PRIV_LOGIN_CONSOLE podría ... • https://www.dell.com/support/kbdoc/000196657 • CWE-378: Creation of Temporary File With Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •