Powerscale Onefs
by Dell
CVEs (178)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-45099 | 0.00 | — | 0.00 | Feb 1, 2023 | Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise | |||
| CVE-2022-45098 | 0.00 | — | 0.00 | Feb 1, 2023 | Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | |||
| CVE-2022-45096 | 0.00 | — | 0.00 | Feb 1, 2023 | Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. | |||
| CVE-2022-45097 | 0.00 | — | 0.00 | Feb 1, 2023 | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | |||
| CVE-2022-45095 | 0.00 | — | 0.01 | Feb 1, 2023 | Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of… | |||
| CVE-2022-45101 | 0.00 | — | 0.01 | Feb 1, 2023 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. | |||
| CVE-2022-34439 | 0.00 | — | 0.01 | Oct 21, 2022 | Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node. | |||
| CVE-2022-34438 | 0.00 | — | 0.00 | Oct 21, 2022 | Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. | |||
| CVE-2022-34437 | 0.00 | — | 0.00 | Oct 21, 2022 | Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. | |||
| CVE-2022-31239 | 0.00 | — | 0.00 | Oct 21, 2022 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data. | |||
| CVE-2022-34378 | 0.00 | — | 0.00 | Sep 2, 2022 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. | |||
| CVE-2022-34371 | 0.00 | — | 0.01 | Sep 2, 2022 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system… | |||
| CVE-2022-34369 | 0.00 | — | 0.01 | Sep 2, 2022 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this… | |||
| CVE-2022-33932 | 0.00 | — | 0.01 | Aug 22, 2022 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem… | |||
| CVE-2022-32480 | 0.00 | — | 0.01 | Aug 22, 2022 | Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information… | |||
| CVE-2022-31238 | 0.00 | — | 0.00 | Aug 22, 2022 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure. | |||
| CVE-2022-31237 | 0.00 | — | 0.00 | Aug 22, 2022 | Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure. | |||
| CVE-2022-31230 | 0.00 | — | 0.01 | Jun 28, 2022 | Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. | |||
| CVE-2022-31229 | 0.00 | — | 0.01 | Jun 28, 2022 | Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. | |||
| CVE-2022-29098 | 0.00 | — | 0.01 | Jun 1, 2022 | Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. |
- CVE-2022-45099Feb 1, 2023risk 0.00cvss —epss 0.00
Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise
- CVE-2022-45098Feb 1, 2023risk 0.00cvss —epss 0.00
Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.
- CVE-2022-45096Feb 1, 2023risk 0.00cvss —epss 0.00
Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.
- CVE-2022-45097Feb 1, 2023risk 0.00cvss —epss 0.00
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.
- CVE-2022-45095Feb 1, 2023risk 0.00cvss —epss 0.01
Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of…
- CVE-2022-45101Feb 1, 2023risk 0.00cvss —epss 0.01
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution.
- CVE-2022-34439Oct 21, 2022risk 0.00cvss —epss 0.01
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.
- CVE-2022-34438Oct 21, 2022risk 0.00cvss —epss 0.00
Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters.
- CVE-2022-34437Oct 21, 2022risk 0.00cvss —epss 0.00
Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.
- CVE-2022-31239Oct 21, 2022risk 0.00cvss —epss 0.00
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.
- CVE-2022-34378Sep 2, 2022risk 0.00cvss —epss 0.00
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.
- CVE-2022-34371Sep 2, 2022risk 0.00cvss —epss 0.01
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system…
- CVE-2022-34369Sep 2, 2022risk 0.00cvss —epss 0.01
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this…
- CVE-2022-33932Aug 22, 2022risk 0.00cvss —epss 0.01
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem…
- CVE-2022-32480Aug 22, 2022risk 0.00cvss —epss 0.01
Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information…
- CVE-2022-31238Aug 22, 2022risk 0.00cvss —epss 0.00
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.
- CVE-2022-31237Aug 22, 2022risk 0.00cvss —epss 0.00
Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure.
- CVE-2022-31230Jun 28, 2022risk 0.00cvss —epss 0.01
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.
- CVE-2022-31229Jun 28, 2022risk 0.00cvss —epss 0.01
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.
- CVE-2022-29098Jun 1, 2022risk 0.00cvss —epss 0.01
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.
Page 6 of 9