Dell PowerScale OneFS vulnerabilities
171 known vulnerabilities affecting dell/powerscale_onefs.
Total CVEs: 171
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 15, HIGH 62, MEDIUM 87, LOW 7
Vulnerabilities
Page 8 of 9
CVE-2021-36305 [MEDIUM] CVSS 6.5 | CWE-662 | Versions: 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, 9.1.1.x, 8.2.2, 9.1.0.x, 9.2.1.x | 2021-11-12
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.
Sources: cvelistv5, nvd
CVE-2021-36281 [HIGH] CVSS 8.8 | CWE-732 | Versions: 8.2.x - 9.2.x | 2021-08-16
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges.
Sources: cvelistv5, nvd
CVE-2021-36279 [HIGH] CVSS 7.8 | CWE-732 | Versions: 8.2.x - 9.2.x | 2021-08-16
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
Sources: cvelistv5, nvd
CVE-2021-21594 [MEDIUM] CVSS 5.3 | CWE-598 | Versions: 8.2.2 - 9.1.0.x | 2021-08-16
Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity.
Sources: cvelistv5, nvd
CVE-2021-21595 [MEDIUM] CVSS 6.7 | CWE-77 | Versions: 8.2.x - 9.1.1.x | 2021-08-16
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunit
Sources: cvelistv5, nvd
CVE-2021-21599 [MEDIUM] CVSS 6.7 | CWE-78 | Versions: 8.2.x - 9.2.1.x | 2021-08-16
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgra
Sources: cvelistv5, nvd
CVE-2021-21592 [MEDIUM] CVSS 6.5 | CWE-755 | Versions: 8.2.x - 9.2.x | 2021-08-16
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure.
Sources: cvelistv5, nvd
CVE-2021-36278 [MEDIUM] CVSS 5.5 | CWE-532 | Versions: 8.2.x, 9.1.0.x | 2021-08-16
Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same
Sources: cvelistv5, nvd
CVE-2021-21568 [MEDIUM] CVSS 4.3 | Versions: 8.2.x - 9.2.x | 2021-08-16
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change.
Sources: cvelistv5, nvd
CVE-2021-36280 [MEDIUM] CVSS 5.5 | CWE-732 | Versions: 8.2.x - 9.2.x | 2021-08-16
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
Sources: cvelistv5, nvd
CVE-2021-36282 [LOW] CVSS 3.3 | CWE-908 | Versions: 8.2.x - 9.1.0.x | 2021-08-16
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions.
Sources: cvelistv5, nvd
CVE-2021-21567 [HIGH] CVSS 7.8 | CWE-732 | Versions: 9.0.0.0, 9.1.0.0, +1 more | 2021-08-10
Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.
Sources: cvelistv5, nvd
CVE-2021-21553 [HIGH] CVSS 8.8 | CWE-286 | Versions: ≥ 8.1.0, ≤ 9.1.0; 8.1.0-9.1.0 | 2021-08-03
Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability. Under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.
Sources: cvelistv5, nvd
CVE-2021-21563 [MEDIUM] CVSS 6.5 | CWE-754 | Versions: 8.1.2-9.1.0.x | 2021-08-03
Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component. This can lead to an authenticated user with low-privileges to trigger a denial of service event.
Sources: cvelistv5, nvd
CVE-2021-21565 [MEDIUM] CVSS 5.3 | CWE-400 | Versions: ≤ 9.1.0.3; ≥ unspecified, ≤ 9.1.0.3 | 2021-08-03
Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
Sources: cvelistv5, nvd
CVE-2021-21562 [MEDIUM] CVSS 4.4 | CWE-426 | Versions: 8.1.2, 8.1.3, 9.1.0.x, 9.0.0.x | 2021-08-03
Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control.
Sources: cvelistv5, nvd
CVE-2020-26180 [HIGH] CVSS 8.8 | CWE-276 | Versions: ≥ unspecified, < OneFS 8.1.2, 8.2.2, 9.0+ | 2021-07-28
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.
Sources: cvelistv5, nvd
CVE-2021-21550 [MEDIUM] CVSS 6.7 | CWE-78 | Versions: ≥ unspecified, < 8.2.x, 9.1.x | 2021-05-06
Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.
Sources: cvelistv5, nvd
CVE-2021-21527 [MEDIUM] CVSS 6.7 | CWE-78 | Versions: ≥ unspecified, < 9.0.0 / 9.1.0 / 9.2.0 | 2021-05-06
Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.
Sources: cvelistv5, nvd
CVE-2020-26197 [CRITICAL] CVSS 9.1 | CWE-326 | Versions: 8.1.0-9.1.0 | 2021-04-20
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.
Sources: cvelistv5, nvd