Filtered by vendor Dell
Subscribe
Search
Total
231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36307 | 1 Dell | 1 Networking Os10 | 2021-11-23 | 8.5 HIGH | 8.8 HIGH |
| Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system. | |||||
| CVE-2021-36321 | 1 Dell | 18 X1008, X1008 Firmware, X1008p and 15 more | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. | |||||
| CVE-2021-21528 | 1 Dell | 1 Emc Powerscale Onefs | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions. | |||||
| CVE-2019-3737 | 1 Dell | 1 Avamar Data Migration Enabler Web Interface | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. | |||||
| CVE-2019-3736 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2021-11-02 | 4.0 MEDIUM | 7.2 HIGH |
| Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user. | |||||
| CVE-2021-36297 | 1 Dell | 1 Supportassist For Home Pcs | 2021-10-07 | 4.4 MEDIUM | 7.8 HIGH |
| SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's, | |||||
| CVE-2020-26181 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2021-10-04 | 7.2 HIGH | 7.8 HIGH |
| Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges. | |||||
| CVE-2021-36286 | 1 Dell | 1 Supportassist Client Consumer | 2021-10-01 | 3.6 LOW | 7.1 HIGH |
| Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin. | |||||
| CVE-2020-26191 | 1 Dell | 1 Emc Powerscale Onefs | 2021-09-14 | 4.6 MEDIUM | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users. | |||||
| CVE-2017-8007 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2021-09-13 | 6.5 MEDIUM | 8.8 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. | |||||
| CVE-2017-8012 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2021-09-13 | 5.8 MEDIUM | 7.4 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities. | |||||
| CVE-2015-4057 | 1 Dell | 1 Vce Vision Intelligent Operations | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. | |||||
| CVE-2021-36281 | 1 Dell | 1 Emc Powerscale Onefs | 2021-08-25 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. | |||||
| CVE-2021-36279 | 1 Dell | 1 Emc Powerscale Onefs | 2021-08-24 | 7.2 HIGH | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. | |||||
| CVE-2021-21601 | 1 Dell | 2 Emc Data Protection Search, Emc Integrated Data Protection Appliance | 2021-08-18 | 2.1 LOW | 7.8 HIGH |
| Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | |||||
| CVE-2021-36277 | 1 Dell | 2 Command \| Update, Update\/alienware Update | 2021-08-17 | 7.2 HIGH | 7.8 HIGH |
| Dell Command Update, Dell Update, and Alienware Update versions prior to 4.3 contains a Improper Certificate Verification vulnerability. A local authenticated malicious user could exploit this vulnerability by modifying local configuration files in order to execute arbitrary code on the system. | |||||
| CVE-2021-21585 | 1 Dell | 1 Openmanage Enterprise | 2021-08-13 | 9.0 HIGH | 7.2 HIGH |
| Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. | |||||
| CVE-2021-21596 | 1 Dell | 2 Openmanage Enterprise, Openmanage Enterprise-modular | 2021-08-13 | 5.8 MEDIUM | 8.8 HIGH |
| Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. | |||||
| CVE-2021-21553 | 1 Dell | 1 Powerscale Onefs | 2021-08-11 | 7.2 HIGH | 8.8 HIGH |
| Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest. | |||||
| CVE-2020-5351 | 1 Dell | 1 Emc Data Protection Advisor | 2021-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privileges. | |||||
| CVE-2020-5353 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2021-08-06 | 9.0 HIGH | 8.8 HIGH |
| The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system. | |||||
| CVE-2020-26180 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2021-08-06 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols. | |||||
| CVE-2016-6645 | 2 Dell, Emc | 3 Emc Unisphere, Solutions Enabler, Unisphere | 2021-08-05 | 9.0 HIGH | 8.8 HIGH |
| The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. | |||||
| CVE-2020-5315 | 1 Dell | 1 Emc Repository Manager | 2021-08-02 | 2.1 LOW | 8.8 HIGH |
| Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with privileges of the compromised user. | |||||
| CVE-2020-5316 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2021-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code. | |||||
| CVE-2020-5320 | 1 Dell | 2 Emc Openmanage Enterprise, Emc Openmanage Enterprise-modular | 2021-07-29 | 6.5 MEDIUM | 7.2 HIGH |
| Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions. | |||||
| CVE-2020-5321 | 1 Dell | 2 Emc Openmanage Enterprise, Emc Openmanage Enterprise-modular | 2021-07-29 | 5.5 MEDIUM | 7.6 HIGH |
| Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to spawn tasks with elevated privileges. | |||||
| CVE-2019-3752 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2021-07-28 | 6.4 MEDIUM | 8.2 HIGH |
| Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request. | |||||
| CVE-2019-3710 | 1 Dell | 1 Emc Networking Os10 | 2021-07-21 | 6.8 MEDIUM | 8.1 HIGH |
| Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges. | |||||
| CVE-2021-21573 | 1 Dell | 256 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3990 and 253 more | 2021-06-30 | 6.9 MEDIUM | 7.5 HIGH |
| Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | |||||
| CVE-2021-21572 | 1 Dell | 256 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3990 and 253 more | 2021-06-30 | 6.9 MEDIUM | 7.5 HIGH |
| Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | |||||
| CVE-2021-21574 | 1 Dell | 256 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3990 and 253 more | 2021-06-30 | 6.9 MEDIUM | 7.5 HIGH |
| Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | |||||
| CVE-2021-21549 | 1 Dell | 3 Xtremio Management Server, Xtremio X1, Xtremio X2 | 2021-05-28 | 6.8 MEDIUM | 8.8 HIGH |
| Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations. | |||||
| CVE-2021-21530 | 1 Dell | 1 Openmanage Enterprise-modular | 2021-05-10 | 6.5 MEDIUM | 8.8 HIGH |
| Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege. | |||||
| CVE-2021-21539 | 1 Dell | 1 Idrac9 Firmware | 2021-05-10 | 4.6 MEDIUM | 7.1 HIGH |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface. | |||||
| CVE-2021-21540 | 1 Dell | 1 Idrac9 Firmware | 2021-05-10 | 5.5 MEDIUM | 8.1 HIGH |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload. | |||||
| CVE-2021-21531 | 1 Dell | 5 Powermax Os, Solutions Enabler, Solutions Enabler Virtual Appliance and 2 more | 2021-05-10 | 4.6 MEDIUM | 7.8 HIGH |
| Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions. | |||||
| CVE-2021-21535 | 1 Dell | 1 Hybrid Client | 2021-05-06 | 7.2 HIGH | 7.8 HIGH |
| Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system. | |||||
| CVE-2021-21545 | 1 Dell | 1 Peripheral Manager | 2021-04-26 | 7.2 HIGH | 7.8 HIGH |
| Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user. | |||||
| CVE-2020-12695 | 18 Asus, Broadcom, Canon and 15 more | 257 Rt-n11, Adsl, Selphy Cp1200 and 254 more | 2021-04-23 | 7.8 HIGH | 7.5 HIGH |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
| CVE-2021-21518 | 1 Dell | 3 Supportassist Client Promanage, Supportassist For Business Pcs, Supportassist For Home Pcs | 2021-03-19 | 7.2 HIGH | 7.8 HIGH |
| Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. | |||||
| CVE-2021-21506 | 1 Dell | 1 Emc Powerscale Onefs | 2021-03-12 | 6.5 MEDIUM | 8.8 HIGH |
| PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation. | |||||
| CVE-2021-21503 | 1 Dell | 1 Emc Powerscale Onefs | 2021-03-12 | 4.6 MEDIUM | 7.8 HIGH |
| PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation. | |||||
| CVE-2021-21517 | 1 Dell | 1 Emc Srs Policy Manager | 2021-03-08 | 6.4 MEDIUM | 7.2 HIGH |
| SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service. | |||||
| CVE-2020-26194 | 1 Dell | 1 Emc Powerscale Onefs | 2021-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default. | |||||
| CVE-2020-26193 | 1 Dell | 1 Emc Powerscale Onefs | 2021-02-12 | 7.2 HIGH | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | |||||
| CVE-2020-26192 | 1 Dell | 1 Emc Powerscale Onefs | 2021-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default. | |||||
| CVE-2020-5361 | 1 Dell | 1 Cpg Bios | 2021-01-29 | 7.2 HIGH | 7.6 HIGH |
| Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication. | |||||
| CVE-2020-29494 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2021-01-21 | 5.5 MEDIUM | 8.7 HIGH |
| Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files. | |||||
| CVE-2020-29491 | 1 Dell | 8 Wyse 3040, Wyse 5010, Wyse 5040 and 5 more | 2021-01-08 | 5.0 MEDIUM | 8.6 HIGH |
| Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients. | |||||