Dell PowerScale OneFS vulnerabilities

171 known vulnerabilities affecting dell/powerscale_onefs.

Total CVEs: 171
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 15, HIGH 62, MEDIUM 87, LOW 7

Vulnerabilities

CVE-2024-32853 | HIGH | CVSS 7.8 | Affected: ≥ 8.2.2, < 9.4.0.18; ≥ 9.5.0.0, < 9.5.1.0; +3 more | 2024-07-02
CWE-250: Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
Sources: cvelistv5, nvd
CVE-2024-32852 | HIGH | CVSS 7.5 | Affected: ≥ 8.2.0, < 9.5.1.0; ≥ 9.6.0, < 9.7.1.0; +1 more | 2024-07-02
CWE-327: Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks.
Sources: cvelistv5, nvd
CVE-2024-37133 | MEDIUM | CVSS 6.7 | Affected: v9.8.0.0; ≥ 8.2.2, < 9.4.0.18; +5 more | 2024-07-02
CWE-269: Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.
Sources: cvelistv5, nvd
CVE-2024-37126 | MEDIUM | CVSS 6.7 | Affected: v9.8.0.0; ≥ 8.2.2, < 9.7.1.0; +3 more | 2024-07-02
CWE-269: Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.
Sources: cvelistv5, nvd
CVE-2024-32854 | MEDIUM | CVSS 6.7 | Affected: v9.8.0.0; ≥ 8.2.2, < 9.5.1.0; +4 more | 2024-07-02
CWE-269: Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation.
Sources: cvelistv5, nvd
CVE-2024-37134 | MEDIUM | CVSS 6.7 | Affected: v9.8.0.0; ≥ 8.2.2, < 9.5.1.0; +4 more | 2024-07-02
CWE-266: Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.
Sources: cvelistv5, nvd
CVE-2024-37132 | MEDIUM | CVSS 6.7 | Affected: v9.8.0.0; ≥ 8.2.2, < 9.5.1.0; +4 more | 2024-07-02
CWE-266: Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service and elevation of privileges.
Sources: cvelistv5, nvd
CVE-2024-29170 | HIGH | CVSS 8.1 | Affected: ≥ 8.2.0, ≤ 9.8.0.0; ≥ 8.2.x, ≤ 9.8.0.x | 2024-06-04
CWE-798: Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard-coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service.
Sources: cvelistv5, nvd
CVE-2024-25968 | HIGH | CVSS 7.5 | Affected: ≥ 8.2.0, ≤ 9.3.0; ≥ 9.4.0, ≤ 9.4.0.17; +7 more | 2024-05-14
CWE-327: Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.
Sources: cvelistv5, nvd
CVE-2024-25966 | HIGH | CVSS 7.5 | Affected: ≥ 8.2.0, ≤ 9.3.0; ≥ 9.4.0, < 9.4.0.18; +7 more | 2024-05-14
CWE-241: Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
Sources: cvelistv5, nvd
CVE-2024-25965 | MEDIUM | CVSS 4.4 | Affected: ≥ 8.2.0, ≤ 9.3.0; ≥ 9.4.0, ≤ 9.4.0.17; +7 more | 2024-05-14
CWE-73: Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service.
Sources: cvelistv5, nvd
CVE-2024-25969 | MEDIUM | CVSS 5.5 | Affected: ≥ 8.2.0, ≤ 9.3.0; ≥ 9.4.0, < 9.4.0.18; +6 more | 2024-05-14
CWE-770: Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contain an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
Sources: cvelistv5, nvd
CVE-2024-25970 | MEDIUM | CVSS 6.5 | Affected: ≥ 8.2.0, ≤ 9.3.0; ≥ 9.4.0, < 9.4.0.18; +6 more | 2024-05-14
CWE-20: Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contain an improper input validation vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to loss of integrity.
Sources: cvelistv5, nvd
CVE-2024-25967 | MEDIUM | CVSS 6.7 | Affected: ≥ 8.2.0, ≤ 9.3.0; ≥ 9.4.0, < 9.4.0.18; +6 more | 2024-05-14
CWE-250: Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contain an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
Sources: cvelistv5, nvd
CVE-2024-25960 | HIGH | CVSS 7.8 | Affected: ≥ 8.2.2.0, ≤ 9.3.0; ≥ 9.4.0, < 9.4.0.17; +6 more | 2024-03-28
CWE-319: Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
Sources: cvelistv5, nvd
CVE-2024-25963 | HIGH | CVSS 7.5 | Affected: ≥ 8.2.2.0, ≤ 9.3.0; ≥ 9.4.0, ≤ 9.4.0.16; +6 more | 2024-03-28
CWE-327: Dell PowerScale OneFS versions 8.2.2.x through 9.5.0.x contain a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.
Sources: cvelistv5, nvd
CVE-2024-25954 | HIGH | CVSS 7.5 | Affected: ≥ 9.5.0.0, < 9.5.0.8; ≥ 9.6.1, < 9.7.0.2; +3 more | 2024-03-28
CWE-613: Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
Sources: cvelistv5, nvd
CVE-2024-25952 | MEDIUM | CVSS 6.0 | Affected: ≥ 8.2.2.0, ≤ 9.3.0; ≥ 9.4.0, ≤ 9.4.0.16; +7 more | 2024-03-28
CWE-61: Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service and information tampering.
Sources: cvelistv5, nvd
CVE-2024-25959 | MEDIUM | CVSS 5.5 | Affected: ≥ 9.4.0, < 9.4.0.17; ≥ 9.5.0.0, < 9.5.0.8; +5 more | 2024-03-28
CWE-532: Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure and escalation of privileges.
Sources: cvelistv5, nvd
CVE-2024-25961 | MEDIUM | CVSS 6.7 | Affected: ≥ 8.2.2.0, ≤ 9.3.0; ≥ 9.4.0, ≤ 9.4.0.16; +7 more | 2024-03-28
CWE-269: Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
Sources: cvelistv5, nvd
Dell Powerscale Onefs vulnerabilities | cvebase