SB20240620122 - Multiple vulnerabilities in Dell PowerStore Family
Published: June 20, 2024 Updated: January 31, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 64 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2021-22569)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. protobuf-java allowes the interleaving of
com.google.protobuf.UnknownFieldSet fields in such a way that would be
processed out of order. A small malicious payload can occupy the parser
for several minutes by creating large numbers of short-lived objects
that cause frequent, repeated pauses. A remote attacker can trick the victim into passing specially crafted data to the application and perform a denial of service attack.
2) Double Free (CVE-ID: CVE-2022-4450)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the PEM_read_bio_ex() function. A remote attacker can pass specially crafted PEM file to the application, trigger a double free error and perform a denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2023-0215)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
4) Type Confusion (CVE-ID: CVE-2023-0286)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.
In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
5) Improper Authorization (CVE-ID: CVE-2023-34058)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error when handling SAML token signature. A remote attacker that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
6) Improper access control (CVE-ID: CVE-2023-34059)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the vmware-user-suid-wrapper. A local attacker can hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
7) SQL injection (CVE-ID: CVE-2024-1597)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data when using the "PreferQueryMode=SIMPLE" option. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
8) Incorrect default permissions (CVE-ID: CVE-2022-41946)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to application stores files with sensitive information in system's temporary directory. A local user can read the files and gain access to sensitive information.
9) SQL injection (CVE-ID: CVE-2022-31197)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data within the java.sql.ResultRow.refreshRow() method when processing column names. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database using the statement terminator, e.g." ;".
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
10) Information disclosure (CVE-ID: CVE-2018-6594)
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.The weakness exists in the ElGamal implementation in PyCrypto due to generation of weak ElGamal key parameters by the source code in the lib/Crypto/PublicKey/ElGamal.py file. A remote attacker can gain access to potentially sensitive information.
11) Input validation error (CVE-ID: CVE-2022-3171)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input containing multiple instances of non-repeated embedded messages with repeated or unknown fields. A remote attacker can cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses.
12) Integer overflow (CVE-ID: CVE-2020-36242)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when processing certain sequences of update calls to symmetrically encrypt multi-GB values. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Resource exhaustion (CVE-ID: CVE-2018-1000518)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling compressed data. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
14) Improper input validation (CVE-ID: CVE-2022-1941)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Connector/Python (Python) component in MySQL Connectors. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
15) Improper input validation (CVE-ID: CVE-2021-22570)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Compiling (protobuf) component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
16) Covert Timing Channel (CVE-ID: CVE-2020-25659)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
17) Inadequate encryption strength (CVE-ID: CVE-2023-48795)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.
The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.
18) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.
19) Information disclosure (CVE-ID: CVE-2023-32681)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.
20) Improper validation of certificate with host mismatch (CVE-ID: CVE-2020-14387)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists in Samba rsync due to the application does not verify the hostname in the server certificate in openssl mode. A remote attacker can supply any valid certificate for another hostname and intercept the traffic.
21) HTTP response splitting (CVE-ID: CVE-2021-33621)
The vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not corrector process CRLF character sequences when handling cookies. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
22) Incorrect Regular Expression (CVE-ID: CVE-2023-28755)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing URLs. A remote attacker can pass specially crafted URL to the application and perform regular expression denial of service (ReDos) attack.
23) Incorrect Regular Expression (CVE-ID: CVE-2023-28756)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing strings that have specific characters. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
24) Information disclosure (CVE-ID: CVE-2023-4641)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in gpasswd(1), which fails to clean memory properly. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. A local user with enough access can retrieve the password from the memory.
25) Path traversal (CVE-ID: CVE-2023-34478)
The vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and bypass authentication process, when used together with APIs or other web frameworks that route requests based on non-normalized requests.
26) Heap-based buffer overflow (CVE-ID: CVE-2023-2137)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in sqlite. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
27) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-46835)
The vulnerability allows a remote guest to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions caused by a mismatch in IOMMU quarantine page table levels. A device in quarantine mode can access data from previous quarantine page table usages, possibly leaking data used by previous domains that also had the device assigned.
28) Security features bypass (CVE-ID: CVE-2023-46836)
The vulnerability allows a remote guest to bypass implemented security restrictions.
The vulnerability exists due to improper implementation of mitigations against BTC/SRSO. A malicious guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen, which can result in memory access to other guests.
29) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2022-4304)
The vulnerability allows a remote attacker to obtain sensitive information.
The vulnerability exists due to a timing based side channel exists in the OpenSSL RSA Decryption implementation. A remote attacker can perform a Bleichenbacher style attack and decrypt data sent over the network.
To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
30) Buffer overflow (CVE-ID: CVE-2021-41496)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the array_from_pyobj() function in fortranobject.c. A remote user can pass an array with negative values to the application and perform a denial of service (DoS) attack.
31) NULL pointer dereference (CVE-ID: CVE-2023-31083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hci_uart_tty_ioctl() function in drivers/bluetooth/hci_ldisc.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
32) Insufficient verification of data authenticity (CVE-ID: CVE-2022-23491)
The vulnerability allows a remote attacker to bypass certificate validation checks.
The vulnerability exists due to presence of the TrustCor certificate in the Root Certificates list. the certificate is removed due to TrustCor's ownership also operated a business that produced spyware. Therefore, any checks that rely on digital signatures of trusted certificates were compromised.
33) Incorrect default permissions (CVE-ID: CVE-2023-2976)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions in com.google.common.io.FileBackedOutputStream. A local user with access to the system can view contents of files and directories or modify them.
34) Incorrect default permissions (CVE-ID: CVE-2020-8908)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files located in the temporary directory set by the Guava com.google.common.io.Files.createTempDir(). A local user with access to the system can view contents of files and directories or modify them.
35) Input validation error (CVE-ID: CVE-2021-30004)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to insufficient validation of user-supplied input in tls/pkcs1.c and tls/x509v3.c files in wpa_supplicant and hostapd when handling AlgorithmIdentifier parameters. A remote attacker can pass specially crafted input to the application and perform MitM attack.
36) Information disclosure (CVE-ID: CVE-2017-5715)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
37) Improper input validation (CVE-ID: CVE-2023-35116)
The vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Oracle Database Fleet Patching and Provisioning (jackson-databind) in Oracle Database Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
38) Code Injection (CVE-ID: CVE-2022-21797)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the pre_dispatch flag in Parallel() class due to the eval() statement. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
39) Insufficient entropy (CVE-ID: CVE-2023-31582)
The vulnerability allows a remote attacker to brute-force JWT token.
The vulnerability exists due to usage of insufficient entropy when generating JWT token. A remote attacker can brute-force the JWT token and gain unauthorized access to the application.
40) Out-of-bounds read (CVE-ID: CVE-2023-39197)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Netfilter Connection Tracking (conntrack) in the Linux kernel in the nf_conntrack_dccp_packet() function in net/netfilter/nf_conntrack_proto_dccp.c. A remote attacker can send specially crafted DCCP packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.
41) NULL pointer dereference (CVE-ID: CVE-2023-6176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel API for the cryptographic algorithm scatterwalk functionality in scatterwalk_copychunks(). A local user can send a malicious packet with specific socket configuration and crash the OS kernel.
42) Out-of-bounds write (CVE-ID: CVE-2023-45863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the fill_kobj_path() function in lib/kobject.c. A local user can can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
43) Buffer overflow (CVE-ID: CVE-2023-45871)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c when handling frames larger than the MTU. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
44) Use-after-free (CVE-ID: CVE-2023-39198)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the QXL driver in the Linux kernel. A local privileged user can trigger a use-after-free error and escalate privileges on the system.
45) Out-of-bounds write (CVE-ID: CVE-2023-5717)
The vulnerability local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
46) Buffer overflow (CVE-ID: CVE-2021-33430)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the PyArray_NewFromDescr_int() function of ctors.c. A remote attacker can pass specially crafted data to the library and perform a denial of service (DoS) attack.
47) Integer overflow (CVE-ID: CVE-2022-48468)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within parse_required_member() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
48) Resource exhaustion (CVE-ID: CVE-2023-34462)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources if no idle timeout handler was configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.
49) Stack-based buffer overflow (CVE-ID: CVE-2022-3479)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the NSS_GetClientAuthData() function in /lib/ssl/authcert.c when accessing gnutls server without a user certificate in the database. A remote attacker can trigger a stack-based buffer overflow and crash the application using the affected library.
50) NULL pointer dereference (CVE-ID: CVE-2022-2309)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the iterwalk() function. A remote attacker can pass specially crafted XML data to the application and perform a denial of service (DoS) attack.
51) Deserialization of Untrusted Data (CVE-ID: CVE-2023-6378)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure input validation when processing serialized data in logback receiver component. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.
52) Integer overflow (CVE-ID: CVE-2023-46228)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when processing files in lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, and lib/header.c. A remote attacker can pass specially crafted file to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
53) Out-of-bounds read (CVE-ID: CVE-2023-39615)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the xmlSAX2StartElement() function in /libxml2/SAX2.c. A remote attacker can pass specially crafted XML input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
54) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2023-5981)
The vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. A remote attacker can perform timing sidechannel attack in RSA-PSK key exchange.
55) Access of Uninitialized Pointer (CVE-ID: CVE-2023-36054)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c does not validate the relationship between n_key_data and the key_data array count and frees an uninitialized pointer. A remote user can send a specially crafted request to the application and perform a denial of service (DoS) attack.
56) Path traversal (CVE-ID: CVE-2018-18586)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.
57) Security features bypass (CVE-ID: CVE-2023-4039)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the GCC's stack smashing protection does not detect or defend against overflows of dynamically-sized local variables on AArch64 targets. A remote attacker can bypass expected security restrictions and successfully exploit buffer overflow vulnerabilities.
58) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-5870)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to pg_cancel_backend rolse signals background workers, including the logical replication launcher, autovacuum workers and the autovacuum launcher. A remote privileged user can abuse this behavior and perform a denial of service (DoS) attack.
59) Information disclosure (CVE-ID: CVE-2023-5868)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the aggregate function calls when handling "unknown"-type arguments. A remote user can read parts of system memory.
60) Integer overflow (CVE-ID: CVE-2023-5869)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in array modification. A remote user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
61) Security restrictions bypass (CVE-ID: CVE-2018-14348)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.62) Improper Certificate Validation (CVE-ID: CVE-2024-30475)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
63) Cross-site scripting (CVE-ID: CVE-2024-30476)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
64) Resource exhaustion (CVE-ID: CVE-2024-30474)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.