Vulnerabilities (CVE)

Filtered by vendor Dell Subscribe
Total 531 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24426 1 Dell 3 Alienware Update, Command Update, Update 2022-05-20 7.2 HIGH 7.8 HIGH
Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
CVE-2022-24409 1 Dell 1 Bsafe Ssl-j 2022-05-13 7.5 HIGH 9.8 CRITICAL
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.
CVE-2021-36278 1 Dell 1 Emc Powerscale Onefs 2022-05-11 2.1 LOW 5.5 MEDIUM
Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well.
CVE-2022-23161 1 Dell 1 Emc Powerscale Onefs 2022-05-11 5.0 MEDIUM 7.5 HIGH
Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service.
CVE-2022-26856 1 Dell 1 Emc Repository Manager 2022-05-03 2.1 LOW 7.8 HIGH
Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account.
CVE-2022-22558 1 Dell 40 C4130, C4130 Firmware, C6320 and 37 more 2022-05-03 3.6 LOW 6.0 MEDIUM
Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.
CVE-2022-24424 1 Dell 1 Emc Appsync 2022-05-03 5.0 MEDIUM 7.5 HIGH
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
CVE-2021-36282 1 Dell 1 Emc Powerscale Onefs 2022-05-03 2.1 LOW 3.3 LOW
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions.
CVE-2021-21568 1 Dell 1 Emc Powerscale Onefs 2022-05-03 4.0 MEDIUM 4.3 MEDIUM
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change.
CVE-2022-24423 1 Dell 2 Integrated Dell Remote Access Controller 8, Integrated Dell Remote Access Controller 8 Firmware 2022-05-02 5.0 MEDIUM 7.5 HIGH
Dell EMC iDRAC8 versions 2.81.81 and earlier contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion, resulting in a denial of service (DoS) condition.
CVE-2021-21552 2 Dell, Microsoft 4 Wyse 5070 Thin Client, Wyse 5470 All-in-one Thin Client, Wyse 5470 Thin Client and 1 more 2022-04-26 7.2 HIGH 8.8 HIGH
Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.
CVE-2021-21511 1 Dell 2 Emc Avamar Server, Emc Integrated Data Protection Appliance 2022-04-26 5.5 MEDIUM 8.1 HIGH
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
CVE-2021-21567 1 Dell 1 Powerscale Onefs 2022-04-26 4.6 MEDIUM 7.8 HIGH
Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.
CVE-2021-36276 1 Dell 1 Dbutildrv2.sys Firmware 2022-04-25 4.6 MEDIUM 7.8 HIGH
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVE-2021-36311 1 Dell 1 Emc Networker 2022-04-25 4.6 MEDIUM 7.8 HIGH
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.
CVE-2021-36301 1 Dell 2 Emc Idrac8 Firmware, Emc Idrac9 Firmware 2022-04-25 6.5 MEDIUM 7.2 HIGH
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.
CVE-2021-36308 1 Dell 1 Networking Os10 2022-04-25 9.3 HIGH 9.8 CRITICAL
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.
CVE-2022-24413 1 Dell 1 Emc Powerscale Onefs 2022-04-20 3.3 LOW 3.6 LOW
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss.
CVE-2022-24412 1 Dell 1 Emc Powerscale Onefs 2022-04-20 5.0 MEDIUM 7.5 HIGH
Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service.
CVE-2022-24411 1 Dell 1 Emc Powerscale Onefs 2022-04-20 4.6 MEDIUM 7.8 HIGH
Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees.