Filtered by vendor Dell
Subscribe
Search
Total
223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43088 | 1 Dell | 2 Precision 7865 Tower, Precision 7865 Tower Firmware | 2024-01-04 | N/A | 6.8 MEDIUM |
| Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | |||||
| CVE-2023-39251 | 1 Dell | 26 Inspiron 7510, Inspiron 7510 Firmware, Inspiron 7610 and 23 more | 2024-01-04 | N/A | 6.7 MEDIUM |
| Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system. | |||||
| CVE-2023-44278 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2023-12-27 | N/A | 6.7 MEDIUM |
| Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. | |||||
| CVE-2023-44279 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2023-12-27 | N/A | 6.7 MEDIUM |
| Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker | |||||
| CVE-2023-44284 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2023-12-27 | N/A | 4.3 MEDIUM |
| Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data. | |||||
| CVE-2023-44286 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2023-12-27 | N/A | 6.1 MEDIUM |
| Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2023-48668 | 1 Dell | 1 Powerprotect Data Domain Management Center | 2023-12-27 | N/A | 6.7 MEDIUM |
| Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC. | |||||
| CVE-2023-28053 | 1 Dell | 1 Emc Networker | 2023-12-22 | N/A | 5.3 MEDIUM |
| Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | |||||
| CVE-2023-48661 | 1 Dell | 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2023-12-19 | N/A | 4.9 MEDIUM |
| Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system. | |||||
| CVE-2023-44301 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2023-12-18 | N/A | 5.4 MEDIUM |
| Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2023-44306 | 1 Dell | 2 Dm5500, Dm5500 Firmware | 2023-12-18 | N/A | 6.5 MEDIUM |
| Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem. | |||||
| CVE-2023-44300 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2023-12-18 | N/A | 5.5 MEDIUM |
| Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2023-44297 | 1 Dell | 26 Poweredge C6620, Poweredge C6620 Firmware, Poweredge Hs5610 and 23 more | 2023-12-12 | N/A | 6.8 MEDIUM |
| Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service. | |||||
| CVE-2023-44298 | 1 Dell | 26 Poweredge C6620, Poweredge C6620 Firmware, Poweredge Hs5610 and 23 more | 2023-12-12 | N/A | 6.8 MEDIUM |
| Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service. | |||||
| CVE-2023-43082 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2023-11-30 | N/A | 5.9 MEDIUM |
| Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate. | |||||
| CVE-2023-32469 | 1 Dell | 6 Precision 5820, Precision 5820 Firmware, Precision 7820 and 3 more | 2023-11-29 | N/A | 6.7 MEDIUM |
| Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution. | |||||
| CVE-2023-44296 | 1 Dell | 1 E-lab Navigator | 2023-11-20 | N/A | 5.5 MEDIUM |
| Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information. | |||||
| CVE-2023-43087 | 1 Dell | 1 Powerscale Onefs | 2023-11-09 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure. | |||||
| CVE-2023-43076 | 1 Dell | 1 Powerscale Onefs | 2023-11-09 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition. | |||||
| CVE-2023-39250 | 1 Dell | 1 Storage Integration Tools For Vmware | 2023-08-24 | N/A | 5.5 MEDIUM |
| Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. | |||||
| CVE-2023-28075 | 1 Dell | 484 Alienware M15 R7, Alienware M15 R7 Firmware, Alienware M16 and 481 more | 2023-08-22 | N/A | 6.3 MEDIUM |
| Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. | |||||
| CVE-2023-32491 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2023-32489 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges. | |||||
| CVE-2023-32488 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 4.3 MEDIUM |
| Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2023-32490 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover. | |||||
| CVE-2023-32494 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also. | |||||
| CVE-2022-31238 | 1 Dell | 1 Emc Powerscale Onefs | 2023-08-08 | N/A | 5.5 MEDIUM |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2023-32476 | 1 Dell | 1 Hybrid Client | 2023-07-31 | N/A | 5.5 MEDIUM |
| Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files. | |||||
| CVE-2023-32478 | 1 Dell | 1 Powerstoreos | 2023-07-31 | N/A | 4.9 MEDIUM |
| Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure. | |||||
| CVE-2023-32455 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2023-07-28 | N/A | 5.5 MEDIUM |
| Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. | |||||
| CVE-2023-32446 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2023-07-28 | N/A | 5.5 MEDIUM |
| Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. | |||||
| CVE-2023-32447 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2023-07-28 | N/A | 5.5 MEDIUM |
| Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. | |||||
| CVE-2023-32482 | 1 Dell | 1 Wyse Management Suite | 2023-07-26 | N/A | 4.9 MEDIUM |
| Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group. | |||||
| CVE-2023-32483 | 1 Dell | 1 Wyse Management Suite | 2023-07-26 | N/A | 4.4 MEDIUM |
| Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files. | |||||
| CVE-2023-32481 | 1 Dell | 1 Wyse Management Suite | 2023-07-26 | N/A | 6.5 MEDIUM |
| Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to the system. | |||||
| CVE-2021-36315 | 1 Dell | 38 Emc Powerscale Nodes A100, Emc Powerscale Nodes A100 Firmware, Emc Powerscale Nodes A200 and 35 more | 2022-07-12 | 7.2 HIGH | 6.8 MEDIUM |
| Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity. | |||||
| CVE-2022-31229 | 1 Dell | 1 Powerscale Onefs | 2022-07-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. | |||||
| CVE-2022-29097 | 1 Dell | 1 Wyse Management Suite | 2022-07-06 | 4.0 MEDIUM | 4.9 MEDIUM |
| Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. | |||||
| CVE-2022-29096 | 1 Dell | 1 Wyse Management Suite | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM |
| Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2019-3739 | 2 Dell, Oracle | 16 Bsafe Cert-j, Bsafe Crypto-j, Bsafe Ssl-j and 13 more | 2022-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. | |||||
| CVE-2019-3738 | 3 Dell, Mcafee, Oracle | 16 Bsafe Cert-j, Bsafe Crypto-j, Bsafe Ssl-j and 13 more | 2022-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. | |||||
| CVE-2022-29085 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2022-06-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2022-26866 | 1 Dell | 1 Powerstoreos | 2022-06-13 | 3.5 LOW | 5.5 MEDIUM |
| Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2022-29091 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2022-29082 | 1 Dell | 1 Emc Networker | 2022-06-08 | 4.9 MEDIUM | 4.6 MEDIUM |
| Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates. | |||||
| CVE-2022-26865 | 1 Dell | 1 Supportassist Os Recovery | 2022-06-07 | 7.2 HIGH | 6.8 MEDIUM |
| Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator. | |||||
| CVE-2019-3740 | 2 Dell, Oracle | 18 Bsafe Cert-j, Bsafe Crypto-j, Bsafe Ssl-j and 15 more | 2022-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. | |||||
| CVE-2022-24414 | 1 Dell | 1 Cloudlink | 2022-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks. | |||||
| CVE-2022-24418 | 1 Dell | 56 Dell G5 5505, Dell G5 5505 Firmware, Inspiron 22-3275 and 53 more | 2022-06-07 | 7.2 HIGH | 6.7 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||
| CVE-2022-24417 | 1 Dell | 56 Dell G5 5505, Dell G5 5505 Firmware, Inspiron 22-3275 and 53 more | 2022-06-07 | 7.2 HIGH | 6.7 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | |||||