CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-36305
https://notcve.org/view.php?id=CVE-2021-36305
12 Nov 2021 — Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. Dell PowerScale OneFS contiene un acceso no sincronizado a datos compartidos en un contexto multihilo en el manejo de SMB CA. Un usuario autenticado de SMB en un clúster con CA podría explotar esta vulnerabilidad, conllevando a una denegación de servicio so... • https://www.dell.com/support/kbdoc/000192046 • CWE-662: Improper Synchronization •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36282
https://notcve.org/view.php?id=CVE-2021-36282
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions. Dell EMC PowerScale OneFS versiones 8.2.x - 9.1.0.x contienen una vulnerabilidad de uso de recursos no inicializados. Esto puede permitir potencialmente a un usuario autenticado privilegiado ISI_PRIV_LOG... • https://www.dell.com/support/kbdoc/000190408 • CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36281
https://notcve.org/view.php?id=CVE-2021-36281
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, contienen una vulnerabilidad de asignación de permisos incorrecta. Un usuario autenticado poco privilegiado puede explotar potencialmente esta vulnerabilidad para escalar privilegios. • https://www.dell.com/support/kbdoc/000190408 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36280
https://notcve.org/view.php?id=CVE-2021-36280
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, contienen una vulnerabilidad de asignación de permisos incorrecta para recursos críticos. Esto podría permitir a un usuario privilegiado ISI_PRIV_LOGIN_SSH o ISI_PRIV_LOGIN_CONSOLE acceder a información pri... • https://www.dell.com/support/kbdoc/000190408 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36279
https://notcve.org/view.php?id=CVE-2021-36279
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, contienen una asignación de permisos incorrecta para la vulnerabilidad de los recursos críticos. Esto podría permitir a un usuario privilegiado ISI_PRIV_LOGIN_SSH o ISI_PRIV_LOGIN_CONSOLE acceder a informac... • https://www.dell.com/support/kbdoc/000190408 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-36278
https://notcve.org/view.php?id=CVE-2021-36278
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well. Las versiones 8.2.x, 9.1.0.x y 9.1.1.1 de Dell EMC PowerScale OneFS contienen una vulnerabilidad de... • https://www.dell.com/support/kbdoc/000190408 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21599
https://notcve.org/view.php?id=CVE-2021-21599
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.1.x, contienen una vulnerabilidad de inyección de comandos del Sistema Operativo... • https://www.dell.com/support/kbdoc/000190408 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21595
https://notcve.org/view.php?id=CVE-2021-21595
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. Dell EMC PowerScale OneFS versiones 8.2.x - 9.1.1.x, contienen una neutralización inapropiada de los elementos especiales usados en un comando del Sistema Op... • https://www.dell.com/support/kbdoc/000190408 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21594
https://notcve.org/view.php?id=CVE-2021-21594
16 Aug 2021 — Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity. Dell PowerScale OneFS versiones 8.2.2 - 9.1.0.x, contienen una vulnerabilidad en el uso del método de petición get con cadenas de consulta confidenciales. Puede conllevar a una potencial divulgación de datos confidenciales. • https://www.dell.com/support/kbdoc/000190408 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21592
https://notcve.org/view.php?id=CVE-2021-21592
16 Aug 2021 — Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure. Dell EMC PowerScale OneFS versiones 8.2.x - 9.2.x, manejan inapropiadamente una condición excepcional. Un usuario remoto poco privilegiado podría explotar potencialmente esta vulnerabilidad, conllevando a una divulgación de información no autorizada. • https://www.dell.com/support/kbdoc/000190408 • CWE-755: Improper Handling of Exceptional Conditions •