Lucene search
+L
DellEmc Powerscale Onefs

84 matches found

CVE
CVE
added 2021/08/16 10:0 p.m.106 views

CVE-2021-21599

Dell EMC PowerScale OneFS versions 8.2.x–9.2.1.x are affected by an OS command injection vulnerability that can enable privilege escalation for a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE, potentially evading Smartlock WORM compliance. Affected component is the OneFS OS; root cause d...

6.7CVSS6.9AI score0.00384EPSS
CVE
CVE
added 2022/04/08 7:50 p.m.99 views

CVE-2022-24428

Dell PowerScale OneFS (versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, 9.3.0.x) is affected by an improper preservation of privileges error. The vulnerability could be exploited by a remote filesystem user with a local account to escalate file privileges and disclose information. Root cause: ...

8.8CVSS8.4AI score0.00561EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.96 views

CVE-2022-24412

Dell EMC PowerScale OneFS (versions 8.2.x–9.3.0.x) contains an improper handling of value vulnerability that could allow an unprivileged network attacker to cause a denial of service. The description across NVD/CNVD/CVE references identifies the affected product family and the impact as DoS via n...

7.5CVSS7.4AI score0.00975EPSS
CVE
CVE
added 2021/08/16 10:0 p.m.95 views

CVE-2021-21595

Dell EMC PowerScale OneFS (versions 8.2.x–9.1.1.x) contains an elevation-of-privileges flaw caused by improper neutralization of special elements in an OS command. The vulnerability could allow the compadmin user to gain higher privileges, and is reported to impact Smartlock WORM compliance mode ...

6.7CVSS6.4AI score0.00241EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.95 views

CVE-2022-22559

Dell PowerScale OneFS 9.3.0 contains a vulnerability due to the use of a broken or risky cryptographic algorithm that could allow an unprivileged network attacker to cause information disclosure. The connected documents confirm the affected product and version and describe the impact as informati...

7.5CVSS7.2AI score0.00569EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.95 views

CVE-2022-23161

Dell PowerScale OneFS (versions 8.2.x–9.3.0.x) contains a denial-of-service flaw in SmartConnect caused by improper handling of incoming error messages. An unprivileged network attacker can trigger a DoS, with impact described as availability loss (CVE-2022-23161). The NVD metrics show CVSSv3.1 b...

7.5CVSS7.4AI score0.00948EPSS
CVE
CVE
added 2021/08/16 10:0 p.m.94 views

CVE-2021-36278

CVE-2021-36278 affects Dell EMC PowerScale OneFS (versions 8.2.x, 9.1.0.x, 9.1.1.1). The issue is a sensitive information exposure in log files, exploitable by a local attacker who holds ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT. If third-party systems consume these logs...

8.1CVSS5.2AI score0.00565EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.93 views

CVE-2022-24413

Affected software: Dell PowerScale OneFS, versions 8.2.2-9.3.x. Vulnerability: time-of-check-to-time-of-use (TOCTTOU) that a local user with access to the filesystem could exploit to cause data loss. Root cause / details: TOCTTOU described; no deeper exploitation details provided. Impact: data lo...

4.4CVSS4.1AI score0.00137EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.91 views

CVE-2022-22561

Technical details (affected versions, root cause, impact, or fix) are not provided in the connected documents. The initial CVE description mentions a brute-force risk but no public technical specifics are included here. Monitor for updates.

9.8CVSS9.5AI score0.01355EPSS
CVE
CVE
added 2022/04/08 7:50 p.m.91 views

CVE-2022-26852

Technical details about CVE-2022-26852 are not publicly provided in the supplied connected documents. Dell PowerScale OneFS versions 8.2.x-9.3.x are mentioned in the initial description, but no additional exploit specifics, impact, or remediation are given here. Monitor for updates.

9.8CVSS9.3AI score0.01188EPSS
CVE
CVE
added 2021/08/16 10:0 p.m.89 views

CVE-2021-21568

Dell EMC PowerScale OneFS (versions 8.2.x–9.2.x) has an insufficient logging vulnerability that lets an authenticated user with ISI_PRIV_LOGIN_PAPI make unaudited, un‑trackable configuration changes to settings their role permits. The impact is unlogged changes to settings with low to moderate se...

4.3CVSS4.5AI score0.00572EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.89 views

CVE-2022-24411

Dell PowerScale OneFS CVE-2022-24411 affects PowerScale OneFS 8.2.2 and newer. The root cause is an incorrect programmatic call to a high‑level native procedure, enabling a local attacker to achieve elevation of privilege (with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE), potentially bypass...

7.8CVSS7.5AI score0.00231EPSS
CVE
CVE
added 2022/04/08 7:50 p.m.89 views

CVE-2022-26851

Dell PowerScale OneFS (8.2.2–9.3.x) contains a vulnerability described as a predictable file name from observable state. An unprivileged, remote attacker could exploit it to cause data loss. Affected component/condition corresponds to the observable state of file naming; the exact root cause is d...

9.1CVSS9AI score0.00894EPSS
CVE
CVE
added 2022/04/08 7:50 p.m.87 views

CVE-2022-22563

Dell PowerScale OneFS 8.2.x–9.2.x contains a vulnerability where sensitive information is omitted from /etc/master.passwd. A high-privileged user could exploit this to avoid recording the source of account-information changes, potentially impacting auditability and traceability. Affected componen...

4.4CVSS4.6AI score0.0021EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.86 views

CVE-2022-22562

Dell PowerScale OneFS (versions 8.2.0–9.3.0) is affected by a vulnerability described as improper handling of missing values, enabling an unauthenticated network attacker to cause a denial-of-service. This aligns with multiple CVE sources, including NVD and CNVD entries. The connected documents c...

7.5CVSS7.5AI score0.00894EPSS
CVE
CVE
added 2021/08/16 10:0 p.m.85 views

CVE-2021-21592

Dell EMC PowerScale OneFS versions 8.2.x–9.2.x contain an information disclosure vulnerability due to improper handling of an exceptional condition. A remote low-privilege attacker could exploit this to obtain information that should be restricted. The core issue is the improper exception handlin...

6.5CVSS6.1AI score0.00839EPSS
CVE
CVE
added 2022/04/08 7:50 p.m.85 views

CVE-2022-26854

Dell PowerScale OneFS (versions 8.2.x–9.2.x) is affected by a vulnerability described as risky cryptographic algorithms, potentially enabling a remote unprivileged attacker to gain full system access. The CVE entry notes attacker-controlled remote access with high impact. A Dell PowerScale OneFS ...

10CVSS9.2AI score0.00712EPSS
CVE
CVE
added 2021/08/16 10:0 p.m.84 views

CVE-2021-36282

Dell EMC PowerScale OneFS (versions 8.2.x–9.1.0.x) is affected by a use of uninitialized resource vulnerability. The issue could allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to read up to 24 bytes of data from the /ifs kernel stack under certain conditi...

3.3CVSS4.2AI score0.00201EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.84 views

CVE-2022-22560

Dell EMC PowerScale OneFS 8.1.x–9.1.x is affected by a vulnerability due to hard coded credentials that allow a locally authenticated attacker to log in as the admin user to the backend Ethernet switch of a PowerScale cluster, potentially taking the switch offline. Root cause: hard coded credenti...

7.1CVSS5.4AI score0.00176EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.84 views

CVE-2022-22565

CVE-2022-22565 affects Dell PowerScale OneFS 9.0.0–9.3.0. The issue is an improper authorization of an index containing sensitive information, allowing an authenticated privileged user to disclose or modify sensitive data. The vulnerable component is associated with the OneFS operating system’s i...

5.5CVSS4.2AI score0.00474EPSS
CVE
CVE
added 2021/08/16 10:0 p.m.83 views

CVE-2021-36279

Dell EMC PowerScale OneFS versions 8.2.x–9.2.x are affected by an Incorrect Permission Assignment for a Critical Resource vulnerability. The root cause is misconfigured permissions that can allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged cluster information. Im...

7.8CVSS7.3AI score0.00195EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.83 views

CVE-2022-22550

Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability that could let an unprivileged local attacker obtain passwords and potentially take over accounts. The Connected documents confirm the affected product and impact but do not provide specific root-cause de...

6.7CVSS6.4AI score0.00221EPSS
CVE
CVE
added 2021/08/16 10:0 p.m.81 views

CVE-2021-36281

Dell EMC PowerScale OneFS versions 8.2.x–9.2.x contain an incorrect permission assignment that can allow a low-privileged authenticated user to escalate privileges. Affected component: privilege/permission handling in OneFS API surface. Root cause: misassigned permissions enabling higher-privileg...

8.8CVSS8.5AI score0.00687EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.81 views

CVE-2022-23159

Technical details about CVE-2022-23159 are not publicly provided in the supplied documents; monitor for updates from Dell and CVE sources.

6.5CVSS6.3AI score0.0059EPSS
CVE
CVE
added 2021/08/16 10:0 p.m.79 views

CVE-2021-36280

Dell EMC PowerScale OneFS (versions 8.2.x–9.2.x) contains an incorrect permission assignment for a critical resource, potentially allowing a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged cluster information. Public sources describe the affected component as the API-d...

7.8CVSS5.2AI score0.00184EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.78 views

CVE-2022-23163

Dell PowerScale OneFS (versions 8.2.x, 9.1.0.x, 9.2.1.x, 9.3.0.x) is affected by a denial-of-service vulnerability reported as CVE-2022-23163. The connected documents consistently describe a local attack that could cause data unavailability, but do not provide the underlying root cause details or...

5.5CVSS5.3AI score0.00205EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.75 views

CVE-2022-23160

Dell PowerScale OneFS (versions 8.2.0–9.3.0) contains an Improper Handling of Insufficient Permissions vulnerability that could allow a remote attacker to gain write permissions on read‑only files. The CVE entry is supported by connected records indicating PowerScale OneFS as affected and the imp...

5.4CVSS4.7AI score0.00494EPSS
CVE
CVE
added 2022/10/21 6:5 p.m.73 views

CVE-2022-31239

Dell PowerScale OneFS exposes sensitive data in log files on versions 9.0.0–9.1.0.19, 9.2.1.12, and 9.3.0.6. A privileged local user may disclose this data via log files. Root cause not explicitly stated in the provided documents. Dell/EMC has issued a security update (DSA-2022-149) addressing th...

6.7CVSS4.5AI score0.00227EPSS
CVE
CVE
added 2021/01/05 9:40 p.m.72 views

CVE-2020-26181

Dell EMC Isilon OneFS (8.1+) and Dell EMC PowerScale OneFS (9.0.0) expose a local privilege-escalation in SmartLock Compliance mode clusters. The compadmin user who can authenticate via ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate to root if they possess ISI PRIV HARDENING privileges....

7.8CVSS7.8AI score0.00254EPSS
CVE
CVE
added 2022/10/21 6:5 p.m.72 views

CVE-2022-34438

Dell PowerScale OneFS (versions 8.2.x–9.4.0.x) is affected by a privilege context switching error. The vulnerability is a local, authenticated- user context issue that could allow a high-privilege user to achieve full system compromise, with impact on compliance mode clusters. The connected docum...

6.7CVSS6.2AI score0.0017EPSS
CVE
CVE
added 2021/08/16 10:0 p.m.71 views

CVE-2021-21594

Dell PowerScale OneFS (versions 8.2.2–9.1.0.x) exposes sensitive data due to use of the GET request method with a sensitive query string. The root cause is information disclosure from that query handling, as described across multiple sources (CNVD/CNNVD and NVD entries). Impact is potential expos...

8.2CVSS5.1AI score0.00806EPSS
CVE
CVE
added 2023/02/01 1:6 p.m.70 views

CVE-2023-22574

Dell PowerScale OneFS versions 9.0.0.x–9.4.0.x are affected by a log information disclosure via the IPMI module in the platform API. A low-privilege user with read-logs permissions on a cluster could exploit this to disclose sensitive information and cause a denial of service. Mitigation and reme...

8.1CVSS7.7AI score0.0066EPSS
CVE
CVE
added 2022/04/12 5:50 p.m.69 views

CVE-2022-22549

CVE-2022-22549 affects Dell PowerScale OneFS versions 8.2.x–9.3.x. The root cause is improper certificate validation, enabling an unauthenticated remote attacker to perform a man-in-the-middle attack to capture administrative credentials. Public disclosures in multiple sources (NVD/CNVD/PRION/PT-...

8.1CVSS7.8AI score0.00659EPSS
CVE
CVE
added 2022/04/08 7:50 p.m.67 views

CVE-2022-26855

Dell PowerScale OneFS (versions 8.2.x–9.3.0.x) contains an incorrect default permissions vulnerability that could allow a local attacker to cause a denial of service. The root cause is misconfigured default permissions, with a local attack vector and no authenticated access required per CVSS data...

5.5CVSS5.3AI score0.00182EPSS
CVE
CVE
added 2021/02/09 9:25 p.m.66 views

CVE-2020-26194

Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 are affected by CVE-2020-26194, an Incorrect Permission Assignment for a Critical Resource vulnerability. A non-admin user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges could potentially exploit the issue to cause compromised crypt...

7.8CVSS7.6AI score0.0025EPSS
CVE
CVE
added 2022/08/22 4:50 p.m.66 views

CVE-2022-31237

CVE-2022-31237 affects Dell PowerScale OneFS: affected versions are 9.2.0 through 9.2.1.12 and 9.3.0.5. The issue is an improper preservation of permissions in SyncIQ that could allow a low-privileged local attacker to disclose information. Exploitation details are not provided in the documents, ...

3.3CVSS3.7AI score0.00232EPSS
CVE
CVE
added 2023/02/01 12:54 p.m.66 views

CVE-2023-22572

Dell PowerScale OneFS is affected (versions 9.1.0.x–9.4.0.x). The issue is that the change password API can insert sensitive information into log files, enabling a low-privilege local attacker to potentially take over the system. Affected component: change password API; root cause: sensitive data...

7.8CVSS7.4AI score0.0018EPSS
CVE
CVE
added 2023/02/01 4:41 a.m.65 views

CVE-2022-45101

Dell PowerScale OneFS 9.0.0.x–9.4.0.x is affected by an NFS flaw described as Improper Handling of Insufficient Privileges, enabling a remote unauthenticated attacker to potentially cause information disclosure and remote code execution. The issue is tied to the NFS handling path and root cause i...

9.8CVSS9AI score0.00819EPSS
CVE
CVE
added 2021/07/29 3:55 p.m.64 views

CVE-2020-5353

The CVE concerns Dell Isilon OneFS (versions 8.2.2 and earlier) and Dell EMC PowerScale OneFS (version 9.0.0) where the default NFS configuration exposes the admin home directory. An attacker may abuse a forged UID over NFS to rewrite sensitive files, granting administrative access. The issue is ...

9CVSS8.7AI score0.00972EPSS
CVE
CVE
added 2022/08/22 4:51 p.m.64 views

CVE-2022-33932

Dell PowerScale OneFS versions 9.0.0–9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2 are affected by an unprotected primary channel vulnerability that an unauthenticated network attacker could abuse to cause a denial of filesystem services. A fix is available via Dell security updates; upgrade to a vers...

5.3CVSS5.3AI score0.00688EPSS
CVE
CVE
added 2022/10/21 6:5 p.m.64 views

CVE-2022-34437

CVE-2022-34437 affects Dell PowerScale OneFS 8.2.2–9.3.0 and is a local OS command-injection vulnerability that a privileged attacker could exploit to fully compromise the system, including compliance-mode clusters. The vulnerability is described across multiple sources with no exploit status pro...

6.7CVSS6.5AI score0.00455EPSS
CVE
CVE
added 2021/07/28 12:5 a.m.63 views

CVE-2020-26180

CVE-2020-26180 affects Dell EMC Isilon OneFS (8.1+), and Dell EMC PowerScale OneFS (9.0.0). The root cause is an access issue tied to the remotesupport user account, allowing a remote, low-privilege attacker to access data under the /ifs directory via most protocols. The documents do not provide ...

8.8CVSS8.6AI score0.00593EPSS
CVE
CVE
added 2021/02/09 9:25 p.m.62 views

CVE-2021-21502

Affected products: Dell PowerScale OneFS 8.1.0–9.1.0. Vulnerability: use of an SSH key past account expiration tied to the ISI_PRIV_AUTH_SSH RBAC privilege, enabling a user with an expired account to access the same content as before expiration. Impact (per sources): potential access with high im...

9.8CVSS9AI score0.01412EPSS
CVE
CVE
added 2023/04/04 10:28 a.m.61 views

CVE-2023-25942

Dell PowerScale OneFS versions 8.2.x–9.4.x contain an uncontrolled resource consumption vulnerability in SMB that can be exploited by a malicious network user with low privileges to cause denial of service. Root cause is a resource management error; impact is availability (CVE-2023-25942). Exploi...

6.5CVSS6.3AI score0.00605EPSS
CVE
CVE
added 2021/11/12 10:15 p.m.60 views

CVE-2021-36305

Dell PowerScale OneFS is affected by CVE-2021-36305 due to unsynchronized access to shared data in a multithreaded SMB CA handling path. The vulnerability could allow an authenticated SMB user on a cluster with CA to cause a denial of service over SMB. The provided documents describe the issue an...

6.5CVSS6.3AI score0.00805EPSS
CVE
CVE
added 2016/04/06 11:0 p.m.59 views

CVE-2016-1346

The CVE-2016-1346 entry concerns Cisco TelePresence Server running on Mobility Services Engine (MSE) 8710, with affected software versions 3.0 through 4.2(4.18). The root cause is improper handling of a crafted sequence of IPv6 packets in the kernel, allowing an unauthenticated remote attacker to...

7.1CVSS5.5AI score0.01592EPSS
CVE
CVE
added 2021/02/09 9:25 p.m.59 views

CVE-2020-26192

Dell EMC PowerScale OneFS versions 8.2.0–9.1.0 contain a local privilege-escalation vulnerability. A non-admin user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH could potentially read arbitrary data, tamper with system software, or cause a denial of service. Affected products/versions and pr...

7.8CVSS7.7AI score0.00293EPSS
CVE
CVE
added 2021/02/09 9:25 p.m.59 views

CVE-2020-26196

CVE-2020-26196 │ Dell EMC PowerScale OneFS (versions 8.1.0–9.1.0) contains a Backups/Restore Privilege implementation issue. A user with the BackupAdmin role may exploit this to write data outside of the intended file-system locations. This is documented across multiple sources (NVD, CNVD, PRION,...

5.5CVSS5.5AI score0.00269EPSS
CVE
CVE
added 2016/04/06 11:0 p.m.58 views

CVE-2015-6312

Cisco TelePresence Server 3.1 (on 7010, MSE 8710, Multiparty Media 310/320 and VM devices) is affected by CVE-2015-6312 due to improper processing of malformed STUN packets. An unauthenticated, remote attacker could cause a denial of service by forcing the device to reload, which also disrupts on...

7.8CVSS7.4AI score0.01931EPSS
CVE
CVE
added 2021/02/09 9:25 p.m.58 views

CVE-2020-26193

Dell EMC PowerScale OneFS 8.1.0–9.1.0 contains an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege can exploit this to execute arbitrary OS commands on the underlying OS of the application, with the vulnerable application's privileges. Affected product is Dell E...

7.8CVSS7.8AI score0.0048EPSS
Total number of security vulnerabilities84