84 matches found
CVE-2021-21599
Dell EMC PowerScale OneFS versions 8.2.x–9.2.1.x are affected by an OS command injection vulnerability that can enable privilege escalation for a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE, potentially evading Smartlock WORM compliance. Affected component is the OneFS OS; root cause d...
CVE-2022-24428
Dell PowerScale OneFS (versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, 9.3.0.x) is affected by an improper preservation of privileges error. The vulnerability could be exploited by a remote filesystem user with a local account to escalate file privileges and disclose information. Root cause: ...
CVE-2022-24412
Dell EMC PowerScale OneFS (versions 8.2.x–9.3.0.x) contains an improper handling of value vulnerability that could allow an unprivileged network attacker to cause a denial of service. The description across NVD/CNVD/CVE references identifies the affected product family and the impact as DoS via n...
CVE-2021-21595
Dell EMC PowerScale OneFS (versions 8.2.x–9.1.1.x) contains an elevation-of-privileges flaw caused by improper neutralization of special elements in an OS command. The vulnerability could allow the compadmin user to gain higher privileges, and is reported to impact Smartlock WORM compliance mode ...
CVE-2022-23161
Dell PowerScale OneFS (versions 8.2.x–9.3.0.x) contains a denial-of-service flaw in SmartConnect caused by improper handling of incoming error messages. An unprivileged network attacker can trigger a DoS, with impact described as availability loss (CVE-2022-23161). The NVD metrics show CVSSv3.1 b...
CVE-2021-36278
CVE-2021-36278 affects Dell EMC PowerScale OneFS (versions 8.2.x, 9.1.0.x, 9.1.1.1). The issue is a sensitive information exposure in log files, exploitable by a local attacker who holds ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT. If third-party systems consume these logs...
CVE-2022-22559
Dell PowerScale OneFS 9.3.0 contains a vulnerability due to the use of a broken or risky cryptographic algorithm that could allow an unprivileged network attacker to cause information disclosure. The connected documents confirm the affected product and version and describe the impact as informati...
CVE-2022-24413
Affected software: Dell PowerScale OneFS, versions 8.2.2-9.3.x. Vulnerability: time-of-check-to-time-of-use (TOCTTOU) that a local user with access to the filesystem could exploit to cause data loss. Root cause / details: TOCTTOU described; no deeper exploitation details provided. Impact: data lo...
CVE-2022-22561
Technical details (affected versions, root cause, impact, or fix) are not provided in the connected documents. The initial CVE description mentions a brute-force risk but no public technical specifics are included here. Monitor for updates.
CVE-2022-26852
Technical details about CVE-2022-26852 are not publicly provided in the supplied connected documents. Dell PowerScale OneFS versions 8.2.x-9.3.x are mentioned in the initial description, but no additional exploit specifics, impact, or remediation are given here. Monitor for updates.
CVE-2021-21568
Dell EMC PowerScale OneFS (versions 8.2.x–9.2.x) has an insufficient logging vulnerability that lets an authenticated user with ISI_PRIV_LOGIN_PAPI make unaudited, un‑trackable configuration changes to settings their role permits. The impact is unlogged changes to settings with low to moderate se...
CVE-2022-24411
Dell PowerScale OneFS CVE-2022-24411 affects PowerScale OneFS 8.2.2 and newer. The root cause is an incorrect programmatic call to a high‑level native procedure, enabling a local attacker to achieve elevation of privilege (with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE), potentially bypass...
CVE-2022-26851
Dell PowerScale OneFS (8.2.2–9.3.x) contains a vulnerability described as a predictable file name from observable state. An unprivileged, remote attacker could exploit it to cause data loss. Affected component/condition corresponds to the observable state of file naming; the exact root cause is d...
CVE-2022-22563
Dell PowerScale OneFS 8.2.x–9.2.x contains a vulnerability where sensitive information is omitted from /etc/master.passwd. A high-privileged user could exploit this to avoid recording the source of account-information changes, potentially impacting auditability and traceability. Affected componen...
CVE-2022-22562
Dell PowerScale OneFS (versions 8.2.0–9.3.0) is affected by a vulnerability described as improper handling of missing values, enabling an unauthenticated network attacker to cause a denial-of-service. This aligns with multiple CVE sources, including NVD and CNVD entries. The connected documents c...
CVE-2021-21592
Dell EMC PowerScale OneFS versions 8.2.x–9.2.x contain an information disclosure vulnerability due to improper handling of an exceptional condition. A remote low-privilege attacker could exploit this to obtain information that should be restricted. The core issue is the improper exception handlin...
CVE-2022-26854
Dell PowerScale OneFS (versions 8.2.x–9.2.x) is affected by a vulnerability described as risky cryptographic algorithms, potentially enabling a remote unprivileged attacker to gain full system access. The CVE entry notes attacker-controlled remote access with high impact. A Dell PowerScale OneFS ...
CVE-2021-36282
Dell EMC PowerScale OneFS (versions 8.2.x–9.1.0.x) is affected by a use of uninitialized resource vulnerability. The issue could allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to read up to 24 bytes of data from the /ifs kernel stack under certain conditi...
CVE-2022-22560
Dell EMC PowerScale OneFS 8.1.x–9.1.x is affected by a vulnerability due to hard coded credentials that allow a locally authenticated attacker to log in as the admin user to the backend Ethernet switch of a PowerScale cluster, potentially taking the switch offline. Root cause: hard coded credenti...
CVE-2022-22565
CVE-2022-22565 affects Dell PowerScale OneFS 9.0.0–9.3.0. The issue is an improper authorization of an index containing sensitive information, allowing an authenticated privileged user to disclose or modify sensitive data. The vulnerable component is associated with the OneFS operating system’s i...
CVE-2021-36279
Dell EMC PowerScale OneFS versions 8.2.x–9.2.x are affected by an Incorrect Permission Assignment for a Critical Resource vulnerability. The root cause is misconfigured permissions that can allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged cluster information. Im...
CVE-2022-22550
Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability that could let an unprivileged local attacker obtain passwords and potentially take over accounts. The Connected documents confirm the affected product and impact but do not provide specific root-cause de...
CVE-2021-36281
Dell EMC PowerScale OneFS versions 8.2.x–9.2.x contain an incorrect permission assignment that can allow a low-privileged authenticated user to escalate privileges. Affected component: privilege/permission handling in OneFS API surface. Root cause: misassigned permissions enabling higher-privileg...
CVE-2022-23159
Technical details about CVE-2022-23159 are not publicly provided in the supplied documents; monitor for updates from Dell and CVE sources.
CVE-2021-36280
Dell EMC PowerScale OneFS (versions 8.2.x–9.2.x) contains an incorrect permission assignment for a critical resource, potentially allowing a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged cluster information. Public sources describe the affected component as the API-d...
CVE-2022-23163
Dell PowerScale OneFS (versions 8.2.x, 9.1.0.x, 9.2.1.x, 9.3.0.x) is affected by a denial-of-service vulnerability reported as CVE-2022-23163. The connected documents consistently describe a local attack that could cause data unavailability, but do not provide the underlying root cause details or...
CVE-2022-23160
Dell PowerScale OneFS (versions 8.2.0–9.3.0) contains an Improper Handling of Insufficient Permissions vulnerability that could allow a remote attacker to gain write permissions on read‑only files. The CVE entry is supported by connected records indicating PowerScale OneFS as affected and the imp...
CVE-2022-31239
Dell PowerScale OneFS exposes sensitive data in log files on versions 9.0.0–9.1.0.19, 9.2.1.12, and 9.3.0.6. A privileged local user may disclose this data via log files. Root cause not explicitly stated in the provided documents. Dell/EMC has issued a security update (DSA-2022-149) addressing th...
CVE-2020-26181
Dell EMC Isilon OneFS (8.1+) and Dell EMC PowerScale OneFS (9.0.0) expose a local privilege-escalation in SmartLock Compliance mode clusters. The compadmin user who can authenticate via ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate to root if they possess ISI PRIV HARDENING privileges....
CVE-2022-34438
Dell PowerScale OneFS (versions 8.2.x–9.4.0.x) is affected by a privilege context switching error. The vulnerability is a local, authenticated- user context issue that could allow a high-privilege user to achieve full system compromise, with impact on compliance mode clusters. The connected docum...
CVE-2021-21594
Dell PowerScale OneFS (versions 8.2.2–9.1.0.x) exposes sensitive data due to use of the GET request method with a sensitive query string. The root cause is information disclosure from that query handling, as described across multiple sources (CNVD/CNNVD and NVD entries). Impact is potential expos...
CVE-2023-22574
Dell PowerScale OneFS versions 9.0.0.x–9.4.0.x are affected by a log information disclosure via the IPMI module in the platform API. A low-privilege user with read-logs permissions on a cluster could exploit this to disclose sensitive information and cause a denial of service. Mitigation and reme...
CVE-2022-22549
CVE-2022-22549 affects Dell PowerScale OneFS versions 8.2.x–9.3.x. The root cause is improper certificate validation, enabling an unauthenticated remote attacker to perform a man-in-the-middle attack to capture administrative credentials. Public disclosures in multiple sources (NVD/CNVD/PRION/PT-...
CVE-2022-26855
Dell PowerScale OneFS (versions 8.2.x–9.3.0.x) contains an incorrect default permissions vulnerability that could allow a local attacker to cause a denial of service. The root cause is misconfigured default permissions, with a local attack vector and no authenticated access required per CVSS data...
CVE-2020-26194
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 are affected by CVE-2020-26194, an Incorrect Permission Assignment for a Critical Resource vulnerability. A non-admin user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges could potentially exploit the issue to cause compromised crypt...
CVE-2022-31237
CVE-2022-31237 affects Dell PowerScale OneFS: affected versions are 9.2.0 through 9.2.1.12 and 9.3.0.5. The issue is an improper preservation of permissions in SyncIQ that could allow a low-privileged local attacker to disclose information. Exploitation details are not provided in the documents, ...
CVE-2023-22572
Dell PowerScale OneFS is affected (versions 9.1.0.x–9.4.0.x). The issue is that the change password API can insert sensitive information into log files, enabling a low-privilege local attacker to potentially take over the system. Affected component: change password API; root cause: sensitive data...
CVE-2022-45101
Dell PowerScale OneFS 9.0.0.x–9.4.0.x is affected by an NFS flaw described as Improper Handling of Insufficient Privileges, enabling a remote unauthenticated attacker to potentially cause information disclosure and remote code execution. The issue is tied to the NFS handling path and root cause i...
CVE-2020-5353
The CVE concerns Dell Isilon OneFS (versions 8.2.2 and earlier) and Dell EMC PowerScale OneFS (version 9.0.0) where the default NFS configuration exposes the admin home directory. An attacker may abuse a forged UID over NFS to rewrite sensitive files, granting administrative access. The issue is ...
CVE-2022-33932
Dell PowerScale OneFS versions 9.0.0–9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2 are affected by an unprotected primary channel vulnerability that an unauthenticated network attacker could abuse to cause a denial of filesystem services. A fix is available via Dell security updates; upgrade to a vers...
CVE-2022-34437
CVE-2022-34437 affects Dell PowerScale OneFS 8.2.2–9.3.0 and is a local OS command-injection vulnerability that a privileged attacker could exploit to fully compromise the system, including compliance-mode clusters. The vulnerability is described across multiple sources with no exploit status pro...
CVE-2020-26180
CVE-2020-26180 affects Dell EMC Isilon OneFS (8.1+), and Dell EMC PowerScale OneFS (9.0.0). The root cause is an access issue tied to the remotesupport user account, allowing a remote, low-privilege attacker to access data under the /ifs directory via most protocols. The documents do not provide ...
CVE-2021-21502
Affected products: Dell PowerScale OneFS 8.1.0–9.1.0. Vulnerability: use of an SSH key past account expiration tied to the ISI_PRIV_AUTH_SSH RBAC privilege, enabling a user with an expired account to access the same content as before expiration. Impact (per sources): potential access with high im...
CVE-2023-25942
Dell PowerScale OneFS versions 8.2.x–9.4.x contain an uncontrolled resource consumption vulnerability in SMB that can be exploited by a malicious network user with low privileges to cause denial of service. Root cause is a resource management error; impact is availability (CVE-2023-25942). Exploi...
CVE-2021-36305
Dell PowerScale OneFS is affected by CVE-2021-36305 due to unsynchronized access to shared data in a multithreaded SMB CA handling path. The vulnerability could allow an authenticated SMB user on a cluster with CA to cause a denial of service over SMB. The provided documents describe the issue an...
CVE-2016-1346
The CVE-2016-1346 entry concerns Cisco TelePresence Server running on Mobility Services Engine (MSE) 8710, with affected software versions 3.0 through 4.2(4.18). The root cause is improper handling of a crafted sequence of IPv6 packets in the kernel, allowing an unauthenticated remote attacker to...
CVE-2020-26192
Dell EMC PowerScale OneFS versions 8.2.0–9.1.0 contain a local privilege-escalation vulnerability. A non-admin user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH could potentially read arbitrary data, tamper with system software, or cause a denial of service. Affected products/versions and pr...
CVE-2020-26196
CVE-2020-26196 │ Dell EMC PowerScale OneFS (versions 8.1.0–9.1.0) contains a Backups/Restore Privilege implementation issue. A user with the BackupAdmin role may exploit this to write data outside of the intended file-system locations. This is documented across multiple sources (NVD, CNVD, PRION,...
CVE-2015-6312
Cisco TelePresence Server 3.1 (on 7010, MSE 8710, Multiparty Media 310/320 and VM devices) is affected by CVE-2015-6312 due to improper processing of malformed STUN packets. An unauthenticated, remote attacker could cause a denial of service by forcing the device to reload, which also disrupts on...
CVE-2020-26193
Dell EMC PowerScale OneFS 8.1.0–9.1.0 contains an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege can exploit this to execute arbitrary OS commands on the underlying OS of the application, with the vulnerable application's privileges. Affected product is Dell E...