Headline
CVE-2022-34439: DSA-2022-245: Dell EMC PowerScale OneFS Security Update for Multiple Security Updates
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.
Vaikutus
Critical
Tiedot
Proprietary Code CVE(s)
Description
CVSS Base Score
CVSS Vector String
CVE-2022-34437
Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34438
Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters.
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34439
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Third-Party Component
CVE(s)
CVSS Vector String
Intel Platform
CVE-2021-0148
Intel-SA-00535
CVE-2021-0092
Intel-SA-00527
CVE-2021-0093
CVE-2021-0099
CVE-2021-0103
CVE-2021-0107
CVE-2021-0111
CVE-2021-0114
CVE-2021-0115
CVE-2021-0116
CVE-2021-0117
CVE-2021-0118
CVE-2021-0124
CVE-2021-0125
CVE-2021-0127
CVE-2021-0060
CVE-2021-00147
CVE-2020-24511
Intel-SA-00463
CVE-2020-24512
CVE-2020-12357
Intel-SA-00464
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
CVE-2021-0144
Intel-SA-00525
CVE-2020-0591, CVE-2020-0592, CVE-2020-0593
Intel-SA-00358
CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-8764, CVE-2020-8738, CVE-2020-8739, CVE-2020-8740
Intel-SA-00390
CVE-2020-8705, CVE-2020-8755
Intel-SA-00391
CVE-2020-8696
Intel-SA-00381
Cyrus SASL
CVE-2022-24407
See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
CVE-2019-19906
CVE-2013-4122
Proprietary Code CVE(s)
Description
CVSS Base Score
CVSS Vector String
CVE-2022-34437
Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34438
Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters.
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34439
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Third-Party Component
CVE(s)
CVSS Vector String
Intel Platform
CVE-2021-0148
Intel-SA-00535
CVE-2021-0092
Intel-SA-00527
CVE-2021-0093
CVE-2021-0099
CVE-2021-0103
CVE-2021-0107
CVE-2021-0111
CVE-2021-0114
CVE-2021-0115
CVE-2021-0116
CVE-2021-0117
CVE-2021-0118
CVE-2021-0124
CVE-2021-0125
CVE-2021-0127
CVE-2021-0060
CVE-2021-00147
CVE-2020-24511
Intel-SA-00463
CVE-2020-24512
CVE-2020-12357
Intel-SA-00464
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
CVE-2021-0144
Intel-SA-00525
CVE-2020-0591, CVE-2020-0592, CVE-2020-0593
Intel-SA-00358
CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-8764, CVE-2020-8738, CVE-2020-8739, CVE-2020-8740
Intel-SA-00390
CVE-2020-8705, CVE-2020-8755
Intel-SA-00391
CVE-2020-8696
Intel-SA-00381
Cyrus SASL
CVE-2022-24407
See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
CVE-2019-19906
CVE-2013-4122
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
CVE(s) Addressed
Product
Affected Version(s)
Updated Version(s)
Link to Update
CVE-2021-0148
F600 with Intel P4510 2TB and 4TB ISE drives
PowerScale OneFS Versions:
9.4.0.x
9.3.0.x
9.2.1.x
9.2.0.x
9.1.0.x
9.0.0.x
Drive Support Package versions prior to 1.42.3
Download and install >= Drive Support Package 1.42.3.
PowerScale OneFS Downloads Area
CVE-2021-0092
A200, A2000, A300, A3000, F200, F600, F800, F810, F900, H400, H500, H5600, H600, H700, H7000, B100, P100
PowerScale OneFS Versions:
9.4.0.x
9.3.0.x
9.2.1.x
9.2.0.x
9.1.0.x
9.0.0.x
Node Firmware Package versions prior to 11.5.1
Download and install the latest Node Firmware Package version >= 11.5.1.
CVE-2021-0093
CVE-2021-0099
CVE-2021-0103
CVE-2021-0107
CVE-2021-0111
CVE-2021-0114
CVE-2021-0115
CVE-2021-0116
CVE-2021-0117
CVE-2021-0118
CVE-2021-0124
CVE-2021-0125
CVE-2021-0127
CVE-2021-0060
CVE-2021-00147
A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000
CVE-2020-24511
A300, A3000, H700, H7000
CVE-2020-12358
CVE-2020-12360
A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000
CVE-2020-24486
A300, A3000, H700, H7000
CVE-2021-0144
A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000
CVE-2020-0591
A2000, A200, H400, H500, H600, F800, F900, F200, F600, B100, and P100
CVE-2020-0592
CVE-2020-0593
A2000, A200, H400, F900, F200, F600, B100, and P100
CVE-2020-8738
CVE-2020-8739
CVE-2020-8740
CVE-2020-8764
CVE-2020-0587
F900, F200, F600, B100, and P100
CVE-2020-0588
CVE-2020-0590
CVE-2020-8705
CVE-2020-8755
CVE-2020-8696
CVE-2022-24407
PowerScale OneFS
9.1.0.0 through 9.1.0.21
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5
Download and install the latest RUP.
>= 9.1.0.22
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6
CVE-2019-19906
CVE-2013-4122
Any other version
Upgrade your version of PowerScale OneFS.
CVE-2022-34437
PowerScale OneFS
9.1.0.0 through 9.1.0.21
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7
Download and install the latest RUP.
>= 9.1.0.22
>= 9.2.1.16
>= 9.3.0.8
Any other version
Upgrade your version of PowerScale OneFS.
CVE-2022-34438
PowerScale OneFS
9.1.0.0 through 9.1.0.22
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5
Download and install the latest RUP.
>= 9.1.0.23
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6
Any other version
Upgrade your version of PowerScale OneFS.
CVE-2022-34439
PowerScale OneFS
9.1.0.0 through 9.1.0.22
9.2.1.0 through 9.2.1.16
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5
Download and install the latest RUP.
>= 9.1.0.23
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6
Any other version
Upgrade your version of PowerScale OneFS or apply the steps listed in the “Workaround and Mitigations” in the next table.
CVE(s) Addressed
Product
Affected Version(s)
Updated Version(s)
Link to Update
CVE-2021-0148
F600 with Intel P4510 2TB and 4TB ISE drives
PowerScale OneFS Versions:
9.4.0.x
9.3.0.x
9.2.1.x
9.2.0.x
9.1.0.x
9.0.0.x
Drive Support Package versions prior to 1.42.3
Download and install >= Drive Support Package 1.42.3.
PowerScale OneFS Downloads Area
CVE-2021-0092
A200, A2000, A300, A3000, F200, F600, F800, F810, F900, H400, H500, H5600, H600, H700, H7000, B100, P100
PowerScale OneFS Versions:
9.4.0.x
9.3.0.x
9.2.1.x
9.2.0.x
9.1.0.x
9.0.0.x
Node Firmware Package versions prior to 11.5.1
Download and install the latest Node Firmware Package version >= 11.5.1.
CVE-2021-0093
CVE-2021-0099
CVE-2021-0103
CVE-2021-0107
CVE-2021-0111
CVE-2021-0114
CVE-2021-0115
CVE-2021-0116
CVE-2021-0117
CVE-2021-0118
CVE-2021-0124
CVE-2021-0125
CVE-2021-0127
CVE-2021-0060
CVE-2021-00147
A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000
CVE-2020-24511
A300, A3000, H700, H7000
CVE-2020-12358
CVE-2020-12360
A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000
CVE-2020-24486
A300, A3000, H700, H7000
CVE-2021-0144
A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000
CVE-2020-0591
A2000, A200, H400, H500, H600, F800, F900, F200, F600, B100, and P100
CVE-2020-0592
CVE-2020-0593
A2000, A200, H400, F900, F200, F600, B100, and P100
CVE-2020-8738
CVE-2020-8739
CVE-2020-8740
CVE-2020-8764
CVE-2020-0587
F900, F200, F600, B100, and P100
CVE-2020-0588
CVE-2020-0590
CVE-2020-8705
CVE-2020-8755
CVE-2020-8696
CVE-2022-24407
PowerScale OneFS
9.1.0.0 through 9.1.0.21
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5
Download and install the latest RUP.
>= 9.1.0.22
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6
CVE-2019-19906
CVE-2013-4122
Any other version
Upgrade your version of PowerScale OneFS.
CVE-2022-34437
PowerScale OneFS
9.1.0.0 through 9.1.0.21
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7
Download and install the latest RUP.
>= 9.1.0.22
>= 9.2.1.16
>= 9.3.0.8
Any other version
Upgrade your version of PowerScale OneFS.
CVE-2022-34438
PowerScale OneFS
9.1.0.0 through 9.1.0.22
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5
Download and install the latest RUP.
>= 9.1.0.23
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6
Any other version
Upgrade your version of PowerScale OneFS.
CVE-2022-34439
PowerScale OneFS
9.1.0.0 through 9.1.0.22
9.2.1.0 through 9.2.1.16
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5
Download and install the latest RUP.
>= 9.1.0.23
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6
Any other version
Upgrade your version of PowerScale OneFS or apply the steps listed in the “Workaround and Mitigations” in the next table.
Keinoja ongelman kiertämiseen tai lieventämiseen
CVE
Workarounds
CVE-2022-34439
This vulnerability only applies to
- ethernet backend cluster and
- single (non-redundant) backend configuration
Disable LBFO by issuing this command:
if $(isi cluster internal-networks view | grep -q “Failover Status: disabled” ) && $(isi cluster internal-networks view | grep -q “Fabric: Ethernet”); then echo; echo “Disabling service, please re-enable after upgrade to fixed version” ; isi services isi_lbfo_d disable ; else echo; echo “Not impacted” ; fi
After patch applied or upgrade to a version with the issue resolved, revert this mitigation with command:
#isi services isi_lbfo_d enable
Note: This is required prior to future configurations using redundant backend interfaces
Versiohistoria
Revision
Date
Description
1.0
2022-10-13
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Isilon A200, Isilon A2000, Isilon F800, Isilon F810, Isilon H400, Isilon H500, Isilon H5600, Isilon H600, PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F600, PowerScale F900, PowerScale Hybrid H700Näytä lisää
14 lokak. 2022
Related news
Gentoo Linux Security Advisory 202402-22 - Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. Versions greater than or equal to 20230214_p20230212 are affected.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.
Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.
Red Hat Security Advisory 2022-5924-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.
An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group
Ubuntu Security Notice 5535-1 - Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).
Red Hat Security Advisory 2022-5132-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.
Ubuntu Security Notice 5486-1 - It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.
Red Hat Security Advisory 2022-4668-01 - Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.