CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-25952
https://notcve.org/view.php?id=CVE-2024-25952
28 Mar 2024 — Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. Dell PowerScale OneFS versiones 8.2.2.x a 9.7.0.x contiene un enlace simbólico UNIX (enlace simbólico) después de la vulnerabilidad. Un atacante local con privilegios elevados podría explotar esta vulnerabilidad, lo que provocaría denegación de servicio y man... • https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25960
https://notcve.org/view.php?id=CVE-2024-25960
28 Mar 2024 — Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. Dell PowerScale OneFS versiones 8.2.2.x a 9.7.0.x contiene una vulnerabilidad de transmisión de texto plano de información confidencial. Un atacante local con pocos privilegios podría explotar esta vulnerabilidad, lo que provocaría una escalada de privilegios. • https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-25961
https://notcve.org/view.php?id=CVE-2024-25961
28 Mar 2024 — Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. Dell PowerScale OneFS versiones 8.2.2.x a 9.7.0.x contiene una vulnerabilidad de administración de privilegios inadecuada. Un atacante local con privilegios elevados podría explotar esta vulnerabilidad, lo que provocaría una escalada de privilegios. • https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-269: Improper Privilege Management •
CVSS: 7.9EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25959
https://notcve.org/view.php?id=CVE-2024-25959
28 Mar 2024 — Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges. Dell PowerScale OneFS versiones 9.4.0.x a 9.7.0.x contiene una inserción de información confidencial en la vulnerabilidad del archivo de registro. Un atacante local con pocos privilegios podría explotar esta vulnerabilidad, lo que p... • https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25964
https://notcve.org/view.php?id=CVE-2024-25964
25 Mar 2024 — Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. Vulnerabilidad de inyección SQL en el sistema CIGESv2, a través de /ajaxServiciosAtencion.php, en el parámetro 'idServicio'. La explotación de esta vulnerabilidad podría permitir a un usuario remoto recuperar todos los datos almacenados en la base de datos enviando una consulta SQL especialmente manipulada. • https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities • CWE-385: Covert Timing Channel •
CVSS: 3.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-24901
https://notcve.org/view.php?id=CVE-2024-24901
04 Mar 2024 — Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period. • https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities • CWE-778: Insufficient Logging •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22463
https://notcve.org/view.php?id=CVE-2024-22463
04 Mar 2024 — Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information • https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22430
https://notcve.org/view.php?id=CVE-2024-22430
01 Feb 2024 — Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service. Dell PowerScale OneFS versiones 8.2.x a 9.6.0.x contiene una vulnerabilidad de permisos predeterminados incorrectos. Un usuario malintencionado local con privilegios bajos podría explotar esta vulnerabilidad y provocar una denegación de servicio. • https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22449
https://notcve.org/view.php?id=CVE-2024-22449
01 Feb 2024 — Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access. Dell PowerScale OneFS versiones 9.0.0.x a 9.6.0.x contiene una autenticación faltante para una vulnerabilidad de función crítica. Un usuario malicioso local con pocos privilegios podría explotar esta vulnerabilidad para obtener acceso elevado. • https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44295
https://notcve.org/view.php?id=CVE-2023-44295
05 Dec 2023 — Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure. Dell PowerScale OneFS versiones 8.2.2.x a 9.6.0.x contiene un control inadecuado de un recurso a través de su vulnerabilidad de por vida. Un atacante con privilegios bajos podría explotar esta vulnerabilidad, lo que provocaría la pérdida y divulga... • https://www.dell.com/support/kbdoc/en-us/000219932/dsa-2023-417-dell-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-664: Improper Control of a Resource Through its Lifetime •