CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-34378
https://notcve.org/view.php?id=CVE-2022-34378
02 Sep 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. Dell PowerScale OneFS, versiones 9.0.0 hasta 9.1.0.20, 9.2.1.13, 9.3.0.6 y 9.4.0.3 incluyéndola, contienen una vulnerabilidad de salto de ruta relativa. Un atacante local poco privilegiado podría explotar esta vulnerabilidad, conllevando a una denegación ... • https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-34371
https://notcve.org/view.php?id=CVE-2022-34371
02 Sep 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. Dell PowerScale OneFS, versiones 9.0.0 hasta 9.1.0.19, 9.2.1.12, 9.3.0.6 y 9.4.0.3 incluyéndola, contienen una vulnerabilidad de transporte de credenciales sin protección. Un atacante malicioso no privilegiado en la red podría... • https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-34369
https://notcve.org/view.php?id=CVE-2022-34369
02 Sep 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. Dell PowerScale OneFS, versiones 9.0.0 hasta 9.1.0.20, 9.2.1.13, 9.3.0.6 y 9.4.0.3 incluyéndola, contienen una vulnerabilidad de inserción de información confidencial en archivos de registro. Un atacante remoto no pr... • https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33932
https://notcve.org/view.php?id=CVE-2022-33932
22 Aug 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services. Dell PowerScale OneFS, versiones 9.0.0 hasta 9.1.0.19, 9.2.1.12, 9.3.0.6 y 9.4.0.2 incluyéndola, contienen una vulnerabilidad de canal primario no protegido. Un atacante malintencionado no autenticado en la red puede explota... • https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en • CWE-419: Unprotected Primary Channel •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32480
https://notcve.org/view.php?id=CVE-2022-32480
22 Aug 2022 — Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure. Dell PowerScale OneFS, versiones 9.0.0, hasta 9.1.0.19, 9.2.1.12, 9.3.0.6 y 9.4.0.2 incluyéndola, contienen una vulnerabilidad de inicialización por defecto de un recurso. Un atacante remoto autenticado puede potencialmente expl... • https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31238
https://notcve.org/view.php?id=CVE-2022-31238
22 Aug 2022 — Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure. Dell PowerScale OneFS, versiones 9.0.0 hasta 9.1.0.19, 9.2.1.12, 9.3.0.6, y 9.4.0.2 incluyéndola, contienen una vulnerabilidad de proceso invocado con información confidencial. Un usuario de la CLI puede explotar potencialmente esta vulnerabilidad, conll... • https://www.dell.com/support/kbdoc/en-gh/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31237
https://notcve.org/view.php?id=CVE-2022-31237
22 Aug 2022 — Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure. Dell PowerScale OneFS, versiones 9.2.0 hasta 9.2.1.12 y 9.3.0.5 incluyéndola, contienen una vulnerabilidad de conservación inapropiada de permisos en SyncIQ. Un atacante local poco privilegiado podría explotar esta vulnerabilidad, conllevand... • https://www.dell.com/support/kbdoc/en-us/000201094/dsa-2022-149-dell-emc-powerscale-onefs-security-update?lang=en • CWE-281: Improper Preservation of Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26855
https://notcve.org/view.php?id=CVE-2022-26855
08 Apr 2022 — Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. Dell PowerScale OneFS, versiones 8.2.x-9.3.0.x, contiene una vulnerabilidad de permisos por defecto incorrectos. Un usuario local malicioso podría explotar esta vulnerabilidad, conllevando a una denegación de servicio • https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26852
https://notcve.org/view.php?id=CVE-2022-26852
08 Apr 2022 — Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. Dell PowerScale OneFS, versiones 8.2.x-9.3.x, contienen una semilla predecible en el generador de números pseudoaleatorios. Un atacante remoto no autenticado podría explotar esta vulnerabilidad, conllevando a un compromiso de la cuenta • https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26851
https://notcve.org/view.php?id=CVE-2022-26851
08 Apr 2022 — Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. Dell PowerScale OneFS, 8.2.2-9.3.x, contiene una vulnerabilidad de nombre de archivo predecible a partir del estado observable. Un atacante de red no privilegiada podría explotar esta vulnerabilidad, conllevando a una pérdida de datos • https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities • CWE-330: Use of Insufficiently Random Values •