Summary
| Detail | |||
|---|---|---|---|
| Vendor | Dell | First view | 2021-02-09 |
| Product | Emc Powerscale Onefs | Last view | 2023-04-04 |
| Version | 8.1.2 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:dell:emc_powerscale_onefs | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2023-04-04 | CVE-2023-25942 | Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service. |
| 7.8 | 2023-04-04 | CVE-2023-25941 | Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. |
| 7.1 | 2023-02-28 | CVE-2023-25540 | Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. |
| 6.7 | 2023-02-10 | CVE-2022-34454 | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. |
| 4.8 | 2023-02-10 | CVE-2022-33934 | Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. |
| 8.8 | 2023-02-01 | CVE-2023-22575 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges. |
| 8.1 | 2023-02-01 | CVE-2023-22574 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service. |
| 5.5 | 2023-02-01 | CVE-2023-22573 | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure. |
| 7.8 | 2023-02-01 | CVE-2023-22572 | Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. |
| 7.5 | 2023-02-01 | CVE-2022-46679 | Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. |
| 9.8 | 2023-02-01 | CVE-2022-45101 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. |
| 9.8 | 2023-02-01 | CVE-2022-45100 | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. |
| 7.8 | 2023-02-01 | CVE-2022-45099 | Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise |
| 5.5 | 2023-02-01 | CVE-2022-45098 | Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. |
| 8.8 | 2023-02-01 | CVE-2022-45097 | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. |
| 6.5 | 2023-02-01 | CVE-2022-45096 | Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. |
| 6.7 | 2023-02-01 | CVE-2022-45095 | Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion. |
| 7.5 | 2022-10-21 | CVE-2022-34439 | Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node. |
| 6.7 | 2022-10-21 | CVE-2022-34438 | Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. |
| 6.7 | 2022-10-21 | CVE-2022-34437 | Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. |
| 4.4 | 2022-10-21 | CVE-2022-31239 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. |
| 5.5 | 2022-09-02 | CVE-2022-34378 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. |
| 9.8 | 2022-09-02 | CVE-2022-34371 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. |
| 7.5 | 2022-09-02 | CVE-2022-34369 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. |
| 5.3 | 2022-08-22 | CVE-2022-33932 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 14% (8) | CWE-532 | Information Leak Through Log Files |
| 8% (5) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 8% (5) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
| 7% (4) | CWE-276 | Incorrect Default Permissions |
| 5% (3) | CWE-755 | Improper Handling of Exceptional Conditions |
| 5% (3) | CWE-269 | Improper Privilege Management |
| 3% (2) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 3% (2) | CWE-522 | Insufficiently Protected Credentials |
| 3% (2) | CWE-295 | Certificate Issues |
| 3% (2) | CWE-281 | Improper Preservation of Permissions |
| 3% (2) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
| 1% (1) | CWE-798 | Use of Hard-coded Credentials |
| 1% (1) | CWE-787 | Out-of-bounds Write |
| 1% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 1% (1) | CWE-664 | Improper Control of a Resource Through its Lifetime |
| 1% (1) | CWE-598 | Information Leak Through Query Strings in GET Request |
| 1% (1) | CWE-426 | Untrusted Search Path |
| 1% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 1% (1) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 1% (1) | CWE-335 | PRNG Seed Error |
| 1% (1) | CWE-330 | Use of Insufficiently Random Values |
| 1% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 1% (1) | CWE-319 | Cleartext Transmission of Sensitive Information |
| 1% (1) | CWE-312 | Cleartext Storage of Sensitive Information |
| 1% (1) | CWE-307 | Improper Restriction of Excessive Authentication Attempts |
