CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25942
https://notcve.org/view.php?id=CVE-2023-25942
04 Apr 2023 — Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service. • https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security • CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25941
https://notcve.org/view.php?id=CVE-2023-25941
04 Apr 2023 — Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. • https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security • CWE-276: Incorrect Default Permissions •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33934
https://notcve.org/view.php?id=CVE-2022-33934
10 Feb 2023 — Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. • https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34454
https://notcve.org/view.php?id=CVE-2022-34454
10 Feb 2023 — Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. • https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22575
https://notcve.org/view.php?id=CVE-2023-22575
01 Feb 2023 — Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges. • https://www.dell.com/support/kbdoc/en-us/000207863/dell-powerscale-onefs-security-updates-for-multiple-security • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22573
https://notcve.org/view.php?id=CVE-2023-22573
01 Feb 2023 — Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure. • https://www.dell.com/support/kbdoc/en-us/000207863/dell-powerscale-onefs-security-updates-for-multiple-security • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22574
https://notcve.org/view.php?id=CVE-2023-22574
01 Feb 2023 — Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service. • https://www.dell.com/support/kbdoc/en-us/000207863/dell-powerscale-onefs-security-updates-for-multiple-security • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22572
https://notcve.org/view.php?id=CVE-2023-22572
01 Feb 2023 — Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. • https://www.dell.com/support/kbdoc/en-us/000207863/dell-powerscale-onefs-security-updates-for-multiple-security • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46679
https://notcve.org/view.php?id=CVE-2022-46679
01 Feb 2023 — Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. • https://www.dell.com/support/kbdoc/en-us/000206927/dsa-2022-323-dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-410: Insufficient Resource Pool •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-45100
https://notcve.org/view.php?id=CVE-2022-45100
01 Feb 2023 — Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-295: Improper Certificate Validation •