
CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contain an Improper Access Control vulnerability within the Postgres database. A threat actor with root-level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application.

• https://www.dell.com/support/kbdoc/en-vc/000203434/dsa-2022-264-cloud-mobility-for-dell-storage-security-update-for-an-insecure-database-vulnerability
• CWE-285: Improper Authorization

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders.

• https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to the DHC system not being accessible.

• https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities
• CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Dell Hybrid Client versions below 1.8 contain a Zip Bomb vulnerability in the UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

• https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Dell Container Storage Modules 1.2 contains an OS Command Injection in the goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability, leading to modification of intended OS command execution.

• https://www.dell.com/support/kbdoc/en-vc/000203352/dsa-2022-259-dell-container-storage-modules-security-update-for-multiple-vulnerabilities
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')