93 matches found
CVE-2025-27690
Dell PowerScale OneFS contains a default-password vulnerability affecting versions 9.5.0.0–9.10.1.0. An unauthenticated remote attacker could potentially take over a high-privilege account due to use of default credentials. The issue is documented with a CVSSv3.1 base score of 9.8 (CRITICAL) and ...
CVE-2024-25953
Dell PowerScale OneFS vulnerable to a local symbolik link (symlink) following issue in versions 9.4.0.x–9.7.0.x. Root cause: tracking/handling of UNIX symbolic links allows a highly privileged, local attacker to cause DoS and tamper with data (integrity) and DoS (availability). Impact per sources...
CVE-2024-53298
CVE-2024-53298 affects Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1. The issue is a missing authorization vulnerability in the NFS export that could allow an unauthenticated attacker with remote access to read, modify, and delete arbitrary files, leading to unauthorized filesystem acc...
CVE-2024-25964
CVE-2024-25964 affects Dell PowerScale OneFS 9.5.0.x through 9.7.0.x. The issue is described as a covert timing channel vulnerability that could enable a remote, unauthenticated attacker to trigger a denial of service. The available connected sources consistently identify the affected software (P...
CVE-2024-24901
CVE-2024-24901 affects Dell PowerScale OneFS 8.2.x–9.6.0.x with an insufficient logging vulnerability that allows a local high-privilege attacker to cause audit messages to be lost/unrecorded for a period. Root cause: inadequate audit logging coverage. Impact: potential gaps in auditing (low seve...
CVE-2024-25961
CVE-2024-25961 concerns Dell PowerScale OneFS, a Dell NAS operating system. Affected versions are 8.2.2.x through 9.7.0.x, where an improper privilege management vulnerability could allow a local, high-privilege attacker to escalate privileges (local escalation). The impact is described as privil...
CVE-2024-22463
Dell PowerScale OneFS versions 8.2.x through 9.6.0.x are affected by a vulnerability described as the use of a broken or risky cryptographic algorithm, which can lead to disclosure and integrity concerns for sensitive data. The issue is triggered by the software’s cryptographic implementation rat...
CVE-2024-25967
CVE-2024-25967 affects Dell PowerScale OneFS versions 8.2.x–9.7.0.1 with an execution flow that grants unnecessary privileges, enabling local attackers with high privileges to escalate rights. The root cause is described as access control issues leading to privilege escalation. Exploitation detai...
CVE-2024-25952
Dell PowerScale OneFS is affected by a local, high-privilege symbolic link (symlink) following vulnerability in versions 8.2.2.x through 9.7.0.x. The issue allows a local attacker with high privileges to potentially cause denial of service and tamper with information. Exploitation details are not...
CVE-2022-31230
The CVE-2022-31230 entry concerns Dell PowerScale OneFS (versions 8.2.x–9.2.x) with a broken or risky cryptographic algorithm. The vulnerability could allow a remote unprivileged attacker to gain full system access. The issue is documented in NVD and supported by Dell EMC advisory DSA-2022-118. T...
CVE-2024-32852
CVE-2024-32852 (Dell PowerScale OneFS) affects PowerScale OneFS versions 8.2.2.x through 9.7.0.0, where a broken or risky cryptographic algorithm is used. An unprivileged network attacker could potentially exploit this to cause data leaks. Connected documents (DSA-2024-255, Nessus plugin 277546) ...
CVE-2022-29098
Dell PowerScale OneFS versions 8.2.0.x–9.3.0.x contain a weak password requirement that allows an administrator to create an account with no password, potentially enabling remote user account compromise. This is supported by multiple sources (NVD, CVE record, and vendor references). The risk is d...
CVE-2023-32489
Dell PowerScale OneFS (versions 8.2x–9.5x) is affected by a privilege-escalation vulnerability that a local, highly privileged attacker could exploit to bypass mode protections and gain elevated privileges. The PT-2023-23822 entry mirrors the CVE-2023-32489 details and confirms the affected range...
CVE-2025-22471
CVE-2025-22471 affects Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, where an integer overflow or wraparound in an input validation path can be triggered by an unauthenticated, remotely accessible attacker to cause a denial of service. The issue is described in multiple sources as an ...
CVE-2025-26330
Dell PowerScale OneFS, versions 9.4.0.0–9.10.0.1, contains an authorization logic error where an unauthenticated, locally-present attacker could access cluster resources with the historical privileges of a disabled account. Root cause described as incorrect authorization/disabled-state verificati...
CVE-2025-30102
Dell PowerScale OneFS contains an out-of-bounds write vulnerability affecting versions 9.4.0.0 through 9.10.1.0. The flaw allows a local, low-privileged attacker to trigger a denial of service. Connected sources corroborate the issue across multiple CVE feeds (NVD/Red Hat/CNVD, Nessus) with the s...
CVE-2022-31229
CVE-2022-31229 affects Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, due to an error message that exposes sensitive information. This leads to potential information disclosure. No exploitation details are provided in the documents. Remediation is available via Dell EMC security update (D...
CVE-2025-23378
CVE-2025-23378 concerns Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, and describes an information disclosure due to a directory listing exposure. The root cause is exposure of directory listing information that a low-privileged, locally deployed attacker could leverage to access sens...
CVE-2025-26479
Dell PowerScale OneFS contains an out-of-bounds write vulnerability affecting versions 9.4.0.0 through 9.10.0.0, exploitable via NFS workflows and potentially causing data integrity issues. The issue stems from an application boundary error when processing untrusted input. Public references consi...
CVE-2025-26480
CVE-2025-26480 affects Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0. The issue is an uncontrolled resource consumption that could allow an unauthenticated attacker with remote access to cause a denial of service. A fix is available in later builds; current guidance is to update to a v...
CVE-2024-25959
Summary: CVE-2024-25959 affects Dell PowerScale OneFS 9.4.0.x–9.7.0.x, where sensitive information can be inserted into log files, enabling a low-privileged local attacker to disclose data and potentially escalate privileges. The root cause is a log information disclosure vulnerability in OneFS. ...
CVE-2024-25968
Dell PowerScale OneFS (versions 8.2.x–9.7.0.2) is affected by a vulnerability due to defective cryptographic algorithms that could allow a remote unauthenticated attacker to cause information disclosure. The exploitation details are not provided in the document, and the entry notes that a fix exi...
CVE-2024-32854
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 are affected by CVE-2024-32854 due to improper privilege management, enabling a local high-privilege attacker to escalate to root. Connected sources (DSA-2024-255 and related entries) confirm the affected range and local-exploitability, but d...
CVE-2024-37133
CVE-2024-37133 affects Dell PowerScale OneFS versions 8.2.2.x–9.8.0.0 due to an improper privilege management flaw. A local, high-privilege attacker could gain root-level access . The connected Nessus entries (DSA-2024-255) corroborate the vulnerability but do not specify a fixed version or patch...
CVE-2024-47239
CVE-2024-47239 affects Dell PowerScale OneFS 8.2.2.x–9.9.0.0. The issue is an uncontrolled resource consumption that enables a remote, low-privilege attacker to cause a denial of service. The root cause is described as a Resource Management Error; no exploit details are provided in the documents....
CVE-2024-25965
Dell PowerScale OneFS (versions 8.2.x–9.7.0.2) contains an external control of file name or path vulnerability. A local high-privilege attacker could exploit this to cause denial of service. Impact is aligned with local access and high-privilege requirements; no in-wild exploit details are provid...
CVE-2024-37134
Dell PowerScale OneFS 8.2.2.x–9.8.0.0 is affected by an improper privilege management vulnerability (CVE-2024-37134). The issue can allow a local, high-privileged attacker to escalate to root. The Nessus/DSA-2024-255 entry corroborates the affected version range and the local-privilege escalation...
CVE-2024-49603
CVE-2024-49603 affects Dell PowerScale OneFS versions 8.2.2.x–9.9.0.x and is caused by an incorrectly specified argument vulnerability that could allow a remote, low-privileged user to disclose information. Connected sources confirm the affected product and impact; one source notes exploitation i...
CVE-2024-25966
CVE-2024-25966 concerns Dell PowerScale OneFS versions 8.2.x–9.7.0.2 with an improper handling of an unexpected data type. This leads to a potential denial of service from a remote, unauthenticated attacker, as stated in the CVE description. Connected sources confirm Dell PowerScale OneFS is the ...
CVE-2024-37132
Dell PowerScale OneFS
CVE-2025-30101
Dell PowerScale OneFS versions 9.8.0.0 through 9.10.1.0 are affected by a time-of-check/time-of-use (TOCTOU) race condition. An unauthenticated attacker with local access could exploit this to cause denial of service and information tampering. Confirmed details from multiple sources (NVD/NASL; Re...
CVE-2024-25970
CVE-2024-25970 affects Dell PowerScale OneFS 8.2.x–9.7.0.1. The root cause is improper/input validation in PowerScale OneFS, allowing a low-privilege remote attacker to impact integrity. Documents specify exploitation status as not publicly detailed, and do not provide confirmed in-the-wild explo...
CVE-2024-39579
CVE-2024-39579 affects Dell PowerScale OneFS 8.2.2.x–9.8.0.0, with an incorrect privilege assignment vulnerability that could allow a local, high-privilege attacker to obtain root-level access. The connected documents provide specific affected versions and the local exploit scenario; exploitation...
CVE-2021-21553
CVE-2021-21553 affects Dell PowerScale OneFS versions 8.1.0–9.1.0 and is described as an Incorrect User Management vulnerability that can let a CompAdmin elevate privileges and break out of Compliance mode under certain conditions. The connected sources corroborate an Elevation of Privilege risk ...
CVE-2021-21567
Summary: Dell PowerScale OneFS 9.1.0.x has an improper privilege management vulnerability that could let an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE escalate privileges. The issue is documented with CVSSv3 base score 7.8 (HIGH) and local access, with high impact to...
CVE-2024-32853
Dell PowerScale OneFS is affected (versions 8.2.2.x through 9.7.0.2) by an execution with unnecessary privileges vulnerability that can enable local privilege escalation by a low-privileged attacker. The connected Nessus entry DSA-2024-255 notes a missing vendor patch; remediation involves applyi...
CVE-2024-42426
Dell PowerScale OneFS (versions 9.5.0.x–9.8.0.x) contains an uncontrolled resource consumption vulnerability exploitable by a low-privilege remote attacker, potentially causing denial of service. Affected component is PowerScale OneFS OS; root cause is resource management/consumption issues descr...
CVE-2024-25954
Dell PowerScale OneFS (versions 9.5.0.x–9.7.0.x) contains an insufficient session expiration vulnerability that can be exploited remotely by an unauthenticated attacker to cause a denial of service. Evidence from multiple sources confirms the affected product and impact; the CVSS base metrics ind...
CVE-2024-39578
Summary: CVE-2024-39578 affects Dell PowerScale OneFS. The vulnerability is a UNIX symbolic link following issue that could allow a local high-privilege attacker to cause denial of service and information tampering on affected systems. Affected software: Dell PowerScale OneFS versions 8.2.2.x thr...
CVE-2024-25960
CVE-2024-25960 affects Dell PowerScale OneFS versions 8.2.2.x–9.7.0.x, where a cleartext transmission of sensitive information is possible. The root cause is plaintext data exposure enabling a local, low-privilege attacker to escalate privileges. Affected component: PowerScale OneFS operating sys...
CVE-2024-25969
Dell PowerScale OneFS contains an allocation of resources without limits or throttling vulnerability affecting versions 8.2.x–9.7.0.1. The issue allows a local, unauthenticated attacker to cause a denial of service via uncontrolled resource allocation. The most concrete details come from multiple...
CVE-2023-43076
CVE-2023-43076 affects Dell PowerScale OneFS 8.2.x and 9.0.0.x–9.5.0.x. The issue is described as a denial-of-service condition that can be triggered by a low-privilege remote attacker, leading to an out-of-memory (OOM) state. The available documents identify the vulnerable component and the impa...
CVE-2024-37126
Dell PowerScale OneFS versions 8.2.2.x–9.8.0.0 are affected by an improper privilege management vulnerability that can allow a local, high-privileged attacker to gain root-level access. The issue is tied to insufficient access control within the OneFS OS. A vendor security update referenced as DS...
CVE-2024-49602
CVE-2024-49602 affects Dell PowerScale OneFS versions 8.2.2.x–9.8.0.x, with an improper resource unlocking vulnerability that can allow a remote low-privilege attacker to cause a denial of service. The NVD entry assigns a CVSS v3.1 base score of 6.5 (Network, Low.user interaction required: none; ...
CVE-2022-34445
Dell PowerScale OneFS (versions 8.2.x–9.3.x) contains a weak encoding for a password, enabling a locally privileged attacker to potentially disclose information. Affected component is the password encoding mechanism; root cause is the weak encoding approach. The vulnerability is local-privilege-e...
CVE-2023-32491
Dell PowerScale OneFS 9.5.0.x is affected by a vulnerability where sensitive information can be inserted into SNMPv3 log files, enabling information disclosure via a low-privilege user. The root cause is exposure through log file writes in SNMPv3. Exploitation details are not provided in the docu...
CVE-2024-25963
Dell PowerScale OneFS (versions 8.2.2.x–9.5.0.x) has an encryption issue due to use of a broken cryptographic algorithm, enabling a remote unauthenticated attacker to potentially disclose information. Affected component is the OneFS cryptographic implementation; root cause described as broken alg...
CVE-2021-36350
CVE-2021-36350 concerns Dell PowerScale OneFS versions 8.2.2–9.3.0.x, which allegedly contain an authentication bypass due to a weakness in one of the authentication factors. The public documents describe a remote, unauthenticated attacker potentially bypassing authentication. The available sourc...
CVE-2023-25536
CVE-2023-25536 affects Dell PowerScale OneFS 9.4.0.x. The vulnerability is an information disclosure where an authenticated local user could exploit certificate management to obtain sensitive data, potentially leading to a system takeover. The CVSS vector (LOCAL, HIGH privileges, no user interact...
CVE-2021-21565
CVE-2021-21565 affects Dell PowerScale OneFS 9.1.0.3 and earlier. The DoS arises from an error condition in SmartConnect that can loop, consuming CPU and potentially blocking other SmartConnect DNS responses. The practical impact is availability degradation for affected deployments. Connected sou...