CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34381
https://notcve.org/view.php?id=CVE-2022-34381
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity. Dell BSAFE SSL-J versión 7.0 y todas las versiones anteriores a 6.5, y las versiones Dell BSAFE Crypto-J anteriores a 6.2.6.1 contienen una vulnerabilidad de componente de terceros sin mantenimiento. Un atacante remoto no autenticado podría explotar esta vulnerabilidad, lo que comprometería el sistema afectado. • https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability • CWE-1329: Reliance on Component That is Not Updateable •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22433
https://notcve.org/view.php?id=CVE-2024-22433
Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices. Dell Data Protection Search 19.2.0 y versiones posteriores contienen una oportunidad de contraseña expuesta en texto plano cuando se usa LdapSettings.get_ldap_info en DP Search. Un atacante remoto no autorizado y no autenticado podría explotar esta vulnerabilidad, lo que provocaría una pérdida de confidencialidad, integridad, protección y toma de control remoto del sistema. • https://www.dell.com/support/kbdoc/en-us/000221720/dsa-2024-063-security-update-for-dell-data-protection-search-multiple-security-vulnerabilities • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22430
https://notcve.org/view.php?id=CVE-2024-22430
Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service. Dell PowerScale OneFS versiones 8.2.x a 9.6.0.x contiene una vulnerabilidad de permisos predeterminados incorrectos. Un usuario malintencionado local con privilegios bajos podría explotar esta vulnerabilidad y provocar una denegación de servicio. • https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22449
https://notcve.org/view.php?id=CVE-2024-22449
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access. Dell PowerScale OneFS versiones 9.0.0.x a 9.6.0.x contiene una autenticación faltante para una vulnerabilidad de función crítica. Un usuario malicioso local con pocos privilegios podría explotar esta vulnerabilidad para obtener acceso elevado. • https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22432
https://notcve.org/view.php?id=CVE-2024-22432
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. Networker 19.9 y todas las versiones anteriores contienen una contraseña de texto plano almacenada en un archivo de configuración temporal durante la duración de la copia de seguridad en las copias de seguridad de la base de datos NMDA MySQL. El usuario que tiene acceso con privilegios bajos al sistema Networker Client podría explotar esta vulnerabilidad, lo que llevaría a la divulgación de las credenciales de usuario configuradas de la base de datos MySQL. • https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •