Filtered by vendor Dell
Subscribe
Total
956 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22557 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
CVE-2022-26865 | 1 Dell | 1 Supportassist Os Recovery | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator. | |||||
CVE-2022-22560 | 1 Dell | 1 Emc Powerscale Onefs | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. | |||||
CVE-2022-24414 | 1 Dell | 1 Cloudlink | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks. | |||||
CVE-2022-26863 | 1 Dell | 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. | |||||
CVE-2022-24424 | 1 Dell | 1 Emc Appsync | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. | |||||
CVE-2022-22558 | 1 Dell | 40 C4130, C4130 Firmware, C6320 and 37 more | 2023-12-10 | 3.6 LOW | 6.0 MEDIUM |
Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service. | |||||
CVE-2022-29098 | 1 Dell | 1 Powerscale Onefs | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. | |||||
CVE-2022-23161 | 1 Dell | 1 Emc Powerscale Onefs | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service. | |||||
CVE-2022-24428 | 1 Dell | 1 Emc Powerscale Onefs | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. | |||||
CVE-2022-24413 | 1 Dell | 1 Emc Powerscale Onefs | 2023-12-10 | 3.3 LOW | 3.6 LOW |
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. | |||||
CVE-2022-26857 | 1 Dell | 1 Openmanage Enterprise | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | |||||
CVE-2022-26854 | 1 Dell | 1 Emc Powerscale Onefs | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access | |||||
CVE-2022-23156 | 1 Dell | 1 Wyse Device Agent | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. | |||||
CVE-2021-36339 | 1 Dell | 7 Powermax Os, Solutions Enabler, Solutions Enabler Virtual Appliance and 4 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. | |||||
CVE-2021-36319 | 1 Dell | 1 Networking Os10 | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. | |||||
CVE-2021-36309 | 1 Dell | 1 Enterprise Sonic Os | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks. | |||||
CVE-2021-36337 | 1 Dell | 1 Wyse Management Suite | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. | |||||
CVE-2021-36320 | 1 Dell | 18 X1008, X1008 Firmware, X1008p and 15 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. | |||||
CVE-2021-21522 | 1 Dell | 56 Latitude 5285 2-in-1, Latitude 5285 2-in-1 Firmware, Latitude 5289 2-in-1 and 53 more | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface. |