CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22559
https://notcve.org/view.php?id=CVE-2022-22559
12 Apr 2022 — Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure. Dell PowerScale OneFS, versión 9.3.0, contiene un uso de un algoritmo criptográfico roto o arriesgado. Un atacante de red no privilegiado podría explotar esta vulnerabilidad, conllevando a una posibilidad de revelar información • https://www.dell.com/support/kbdoc/000195815 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22550
https://notcve.org/view.php?id=CVE-2022-22550
12 Apr 2022 — Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over. Dell PowerScale OneFS, versiones 8.2.2 y superiores, contienen una vulnerabilidad de divulgación de contraseñas. Un atacante local no privilegiado podría explotar esta vulnerabilidad, conllevando a una toma de la cuenta • https://www.dell.com/support/kbdoc/000195815 • CWE-522: Insufficiently Protected Credentials CWE-549: Missing Password Field Masking •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22549
https://notcve.org/view.php?id=CVE-2022-22549
12 Apr 2022 — Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials. Dell PowerScale OneFS, versiones 8.2.x-9.3.x, contiene una comprobación inapropiada de certificados. Un atacante remoto no autenticado podría explotar esta vulnerabilidad, conllevando a una captura de credenciales administrativas por parte de un ataque de tipo man-in-the-middle • https://www.dell.com/support/kbdoc/en-us/000195815/dsa-2022-002-dell-emc-powerscale-onefs-security-update-for-multiple-vulnerabilities • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26855
https://notcve.org/view.php?id=CVE-2022-26855
08 Apr 2022 — Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. Dell PowerScale OneFS, versiones 8.2.x-9.3.0.x, contiene una vulnerabilidad de permisos por defecto incorrectos. Un usuario local malicioso podría explotar esta vulnerabilidad, conllevando a una denegación de servicio • https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26854
https://notcve.org/view.php?id=CVE-2022-26854
08 Apr 2022 — Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access Dell PowerScale OneFS, versiones 8.2.x-9.2.x, contiene algoritmos criptográficos arriesgados. Un atacante remoto no privilegiado podría explotar esta vulnerabilidad, conllevando a un acceso total al sistema • https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26852
https://notcve.org/view.php?id=CVE-2022-26852
08 Apr 2022 — Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. Dell PowerScale OneFS, versiones 8.2.x-9.3.x, contienen una semilla predecible en el generador de números pseudoaleatorios. Un atacante remoto no autenticado podría explotar esta vulnerabilidad, conllevando a un compromiso de la cuenta • https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26851
https://notcve.org/view.php?id=CVE-2022-26851
08 Apr 2022 — Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. Dell PowerScale OneFS, 8.2.2-9.3.x, contiene una vulnerabilidad de nombre de archivo predecible a partir del estado observable. Un atacante de red no privilegiada podría explotar esta vulnerabilidad, conllevando a una pérdida de datos • https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24428
https://notcve.org/view.php?id=CVE-2022-24428
08 Apr 2022 — Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. Dell PowerScale OneFS, versiones 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x y 9.3.0.x, contienen una preservación inapropiada de privilegios. Un usuario remoto del sistema de archivos con una cuenta local podría e... • https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities • CWE-281: Improper Preservation of Permissions •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22563
https://notcve.org/view.php?id=CVE-2022-22563
08 Apr 2022 — Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. Dell EMC Powerscale OneFS versiones 8.2.x - 9.2.x, omiten información relevante para la seguridad en /etc/master.passwd. Un usuario con altos privilegios puede aprovechar esta vulnerabilidad para no registrar la información que identifica el origen de los cambios de información ... • https://www.dell.com/support/kbdoc/000196657 • CWE-223: Omission of Security-relevant Information •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-21561
https://notcve.org/view.php?id=CVE-2021-21561
23 Nov 2021 — Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. Dell PowerScale OneFS versión 8.1.2, contiene una vulnerabilidad de exposición de información confidencial. Esto permitiría a un usuario malicioso con privilegios ISI_PRIV_LOGIN_SSH y/o ISI_PRIV_LOGIN_CONSOLE conseguir acceso a información confidencial en los ar... • https://www.dell.com/support/kbdoc/000191265 • CWE-532: Insertion of Sensitive Information into Log File •