Filtered by vendor Dell
Subscribe
Total
785 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25539 | 2 Dell, Linux | 2 Networker, Linux Kernel | 2023-06-07 | N/A | 9.8 CRITICAL |
| Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-28080 | 1 Dell | 1 Powerpath | 2023-06-06 | N/A | 7.3 HIGH |
| PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | |||||
| CVE-2023-28079 | 1 Dell | 1 Powerpath | 2023-06-06 | N/A | 7.8 HIGH |
| PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | |||||
| CVE-2023-32448 | 1 Dell | 1 Powerpath | 2023-06-06 | N/A | 5.5 MEDIUM |
| PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems. | |||||
| CVE-2023-25542 | 1 Dell | 1 Trusted Device Agent | 2023-06-06 | N/A | 7.8 HIGH |
| Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges. | |||||
| CVE-2023-23694 | 1 Dell | 1 Vxrail Hyperconverged Infrastructure | 2023-06-05 | N/A | 7.8 HIGH |
| Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | |||||
| CVE-2023-23693 | 1 Dell | 1 Vxrail Hyperconverged Infrastructure | 2023-06-01 | N/A | 8.2 HIGH |
| Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | |||||
| CVE-2023-25934 | 1 Dell | 1 Elastic Cloud Storage | 2023-05-31 | N/A | 7.5 HIGH |
| DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. | |||||
| CVE-2022-34397 | 1 Dell | 3 Evasa Provider Virtual Appliance, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2023-05-31 | N/A | 5.7 MEDIUM |
| Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized. | |||||
| CVE-2023-25537 | 1 Dell | 60 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 57 more | 2023-05-30 | N/A | 7.8 HIGH |
| Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege. | |||||
| CVE-2023-28068 | 1 Dell | 1 Command \| Monitor | 2023-05-30 | N/A | 7.8 HIGH |
| Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path | |||||
| CVE-2023-28045 | 1 Dell | 1 Cloudiq Collector | 2023-05-26 | N/A | 7.1 HIGH |
| Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data. | |||||
| CVE-2023-28076 | 1 Dell | 1 Cloudlink | 2023-05-25 | N/A | 7.5 HIGH |
| CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure. | |||||
| CVE-2023-28070 | 1 Dell | 1 Alienware Command Center | 2023-05-09 | N/A | 7.8 HIGH |
| Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation. | |||||
| CVE-2023-28047 | 1 Dell | 1 Display Manager | 2023-04-29 | N/A | 7.8 HIGH |
| Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges. | |||||
| CVE-2020-12695 | 18 Asus, Broadcom, Canon and 15 more | 257 Rt-n11, Adsl, Selphy Cp1200 and 254 more | 2023-04-26 | 7.8 HIGH | 7.5 HIGH |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
| CVE-2023-28062 | 1 Dell | 1 Powerprotect Data Manager | 2023-04-18 | N/A | 8.8 HIGH |
| Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions. | |||||
| CVE-2023-28051 | 1 Dell | 1 Power Manager | 2023-04-13 | N/A | 7.8 HIGH |
| Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. | |||||
| CVE-2023-28046 | 1 Dell | 1 Display Manager | 2023-04-12 | N/A | 7.1 HIGH |
| Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | |||||
| CVE-2023-25942 | 1 Dell | 1 Emc Powerscale Onefs | 2023-04-11 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service. | |||||