21 matches found
CVE-2024-25953
Dell PowerScale OneFS is vulnerable to a local symbolic link (symlink) following issue in versions 9.4.0.x–9.7.0.x. Root cause: tracking/handling of UNIX symbolic links allows a highly privileged, local attacker to tamper with data (integrity) and cause DoS (availability). Impact per sources...
PT-2024-2506 · Dell · Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x Description: The issue is related to the tracking of symbolic links in the PowerScale OneFS operating system. Exploitation of this issue may allow an attacker to cause a denial of service...
CVE-2023-25536
CVE-2023-25536 affects Dell PowerScale OneFS 9.4.0.x. The vulnerability is an information disclosure where an authenticated local user could exploit certificate management to obtain sensitive data, potentially leading to a system takeover. The CVSS vector (LOCAL, HIGH privileges, no user interact...
Design/Logic Flaw
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service...
CVE-2023-25540
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service...
CVE-2023-25540
Dell PowerScale OneFS 9.4.0.x is affected by an authorization issue caused by incorrect default privileges, allowing a local attacker to overwrite arbitrary files and cause a denial of service. The vulnerability is local, with low attack complexity and requires low privileges, and it can impact a...
PT-2023-20149 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS version 9.4.0.x Description: The issue is related to incorrect default permissions, allowing a local malicious user to potentially overwrite arbitrary files, which could cause a denial of service. Recommendations: For De...
CVE-2022-34444
Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak...
Information disclosure
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure...
CVE-2023-22572
Dell PowerScale OneFS is affected (versions 9.1.0.x–9.4.0.x). The issue is that the change password API can insert sensitive information into log files, enabling a low-privilege local attacker to potentially take over the system. Affected component: change password API; root cause: sensitive data...
Denial of service
Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service...
CVE-2022-46679
Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service...
CVE-2022-45098
Dell PowerScale OneFS (9.0.0.x–9.4.0.x) has a vulnerability in the S3 component where sensitive information can be stored in cleartext. An authenticated local attacker could potentially exploit this, leading to information disclosure. The issue is documented across multiple sources (e.g., CVE-202...
CVE-2022-45101
Dell PowerScale OneFS 9.0.0.x–9.4.0.x is affected by an NFS flaw described as Improper Handling of Insufficient Privileges, enabling a remote unauthenticated attacker to potentially cause information disclosure and remote code execution. The issue is tied to the NFS handling path and root cause i...
CVE-2022-34439
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node...
CVE-2022-34439
Dell PowerScale OneFS (versions 8.2.0.x through 9.4.0.x) is affected by a vulnerability where resources are allocated without limits or throttling. This allows a remote unauthenticated attacker to cause denial of service and degraded performance on the affected node. The issue is tied to improper...
CVE-2017-8017
EMC Network Configuration Manager NCM 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system...
Authentication flaw
EMC Network Configuration Manager NCM 9.3.x, EMC Network Configuration Manager NCM 9.4.0.x, EMC Network Configuration Manager NCM 9.4.1.x, EMC Network Configuration Manager NCM 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to...
CVE-2017-2767
EMC Network Configuration Manager NCM 9.3.x, EMC Network Configuration Manager NCM 9.4.0.x, EMC Network Configuration Manager NCM 9.4.1.x, EMC Network Configuration Manager NCM 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users t...