Dell Powerscale Onefs vulnerabilities

CVE-2024-25953 [MEDIUM] CWE-61 CVE-2024-25953: Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) foll Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

CVE-2024-25964 [HIGH] CWE-385 CVE-2024-25964: Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remot Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

CVE-2024-22463 [CRITICAL] CWE-327 CVE-2024-22463: Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algori Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information

CVE-2024-24901 [LOW] CWE-778 CVE-2024-24901: Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local m Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.

CVE-2024-22449 [HIGH] CWE-306 CVE-2024-22449: Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critic Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.

CVE-2024-22430 [MEDIUM] CWE-276 CVE-2024-22430: Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vuln Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.

CVE-2023-44288 [HIGH] CWE-664 CVE-2023-44288: Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service.

CVE-2023-44295 [HIGH] CWE-664 CVE-2023-44295: Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource t Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure.

CVE-2023-43087 [MEDIUM] CWE-280 CVE-2023-43087: Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissi Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.

CVE-2023-43076 [MEDIUM] CWE-401 CVE-2023-43076: Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privi Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition.

CVE-2023-32457 [HIGH] CWE-267 CVE-2023-32457: Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerab Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.

CVE-2023-32493 [CRITICAL] CWE-693 CVE-2023-32493: Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileg Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.

CVE-2023-32492 [HIGH] CWE-276 CVE-2023-32492: Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privil Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files.

CVE-2023-32486 [HIGH] CWE-250 CVE-2023-32486: Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege l Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

CVE-2023-32495 [HIGH] CWE-200 CVE-2023-32495: Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

CVE-2023-32487 [HIGH] CWE-269 CVE-2023-32487: Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low pri Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure.

CVE-2023-32494 [MEDIUM] CWE-274 CVE-2023-32494: Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulner Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.

CVE-2023-32490 [MEDIUM] CWE-269 CVE-2023-32490: Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high pr Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

CVE-2023-32489 [MEDIUM] CWE-280 CVE-2023-32489: Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker wi Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges.

CVE-2023-32491 [MEDIUM] CWE-532 CVE-2023-32491: Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnera Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.