CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32487
https://notcve.org/view.php?id=CVE-2023-32487
16 Aug 2023 — Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure. Dell PowerScale OneFS, 8.2.x - 9.5.0.x,contiene una vulnerabilidad de elevación de privilegios. Un atacante local con pocos privilegios podría explotar esta vulnerabilidad, lo que provocaría denegación de servicio, ejecución de código y divulgación de información. • https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32486
https://notcve.org/view.php?id=CVE-2023-32486
16 Aug 2023 — Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges. La versión Dell PowerScale OneFS 9.5.x contiene una vulnerabilidad de escalada de privilegios. Un atacante local con pocos privilegios podría explotar esta vulnerabilidad, lo que provocaría una escalada de privilegios. • https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32495
https://notcve.org/view.php?id=CVE-2023-32495
16 Aug 2023 — Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges. • https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32494
https://notcve.org/view.php?id=CVE-2023-32494
16 Aug 2023 — Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also. Dell PowerScale OneFS 8.0.x-9.5.x, contiene una vulnerabilidad de manejo inadecuado de privilegios insuficientes. Un atacante local con privilegios podría explotar esta vulnerabilidad, lo que provocaría una elevación de privilegios y afectaría también el modo ... • https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25942
https://notcve.org/view.php?id=CVE-2023-25942
04 Apr 2023 — Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service. • https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security • CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25941
https://notcve.org/view.php?id=CVE-2023-25941
04 Apr 2023 — Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. • https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25940
https://notcve.org/view.php?id=CVE-2023-25940
04 Apr 2023 — Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees. • https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25536
https://notcve.org/view.php?id=CVE-2023-25536
02 Mar 2023 — Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover. • https://www.dell.com/support/kbdoc/en-us/000209895/dell-emc-powerscale-onefs-security-updates-for-multiple-security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25540
https://notcve.org/view.php?id=CVE-2023-25540
28 Feb 2023 — Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. • https://www.dell.com/support/kbdoc/en-us/000209895/dell-emc-powerscale-onefs-security-updates-for-multiple-security • CWE-276: Incorrect Default Permissions •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-34445
https://notcve.org/view.php?id=CVE-2022-34445
10 Feb 2023 — Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271 • CWE-261: Weak Encoding for Password CWE-522: Insufficiently Protected Credentials •