Vulnerabilities (CVE)

Filtered by vendor Dell Subscribe
Total 958 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-22227 1 Dell 1 Unity Operating Environment 2024-02-15 N/A 7.8 HIGH
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges.
CVE-2024-22225 1 Dell 1 Unity Operating Environment 2024-02-15 N/A 7.8 HIGH
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.
CVE-2024-22224 1 Dell 1 Unity Operating Environment 2024-02-15 N/A 7.8 HIGH
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
CVE-2024-22223 1 Dell 1 Unity Operating Environment 2024-02-15 N/A 7.8 HIGH
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
CVE-2024-0169 1 Dell 1 Unity Operating Environment 2024-02-15 N/A 5.4 MEDIUM
Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product's feature to compromise their systems.
CVE-2024-22464 1 Dell 1 Emc Appsync 2024-02-15 N/A 6.8 MEDIUM
Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
CVE-2023-28063 1 Dell 582 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 579 more 2024-02-15 N/A 4.4 MEDIUM
Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
CVE-2023-32479 2 Dell, Microsoft 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more 2024-02-13 N/A 7.8 HIGH
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.
CVE-2023-32454 1 Dell 1 Update Package Framework 2024-02-13 N/A 7.1 HIGH
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service
CVE-2024-22433 1 Dell 1 Data Protection Search 2024-02-13 N/A 9.8 CRITICAL
Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.
CVE-2023-28049 1 Dell 1 Command \| Monitor 2024-02-13 N/A 7.1 HIGH
Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.
CVE-2023-32451 1 Dell 1 Display Manager 2024-02-12 N/A 7.8 HIGH
Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation
CVE-2023-32474 1 Dell 1 Display Manager 2024-02-12 N/A 6.6 MEDIUM
Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion
CVE-2023-25543 1 Dell 1 Power Manager 2024-02-12 N/A 7.8 HIGH
Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.
CVE-2021-21575 1 Dell 1 Bsafe Micro-edition-suite 2024-02-09 N/A 9.8 CRITICAL
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
CVE-2022-34381 1 Dell 2 Bsafe Crypto-j, Bsafe Ssl-j 2024-02-09 N/A 9.8 CRITICAL
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.
CVE-2020-29504 1 Dell 2 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite 2024-02-08 N/A 9.8 CRITICAL
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.
CVE-2024-22430 1 Dell 1 Powerscale Onefs 2024-02-03 N/A 5.5 MEDIUM
Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.
CVE-2024-22449 1 Dell 1 Powerscale Onefs 2024-02-03 N/A 7.8 HIGH
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.
CVE-2023-28068 1 Dell 1 Command \| Monitor 2024-02-02 N/A 7.8 HIGH
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path