Filtered by vendor Dell
Subscribe
Total
956 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36333 | 1 Dell | 1 Emc Cloud Link | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash. | |||||
CVE-2021-36296 | 1 Dell | 9 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 6 more | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. | |||||
CVE-2021-36324 | 1 Dell | 566 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 563 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
CVE-2021-36318 | 1 Dell | 1 Emc Avamar Server | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. | |||||
CVE-2021-36313 | 1 Dell | 1 Cloudlink | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. | |||||
CVE-2021-36295 | 1 Dell | 9 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 6 more | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. | |||||
CVE-2021-36298 | 1 Dell | 2 Isilon Insightiq, Isilon Insightiq Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity. | |||||
CVE-2021-36325 | 1 Dell | 566 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 563 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
CVE-2021-36312 | 1 Dell | 1 Cloudlink | 2023-12-10 | 8.5 HIGH | 9.1 CRITICAL |
Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system. | |||||
CVE-2021-36327 | 1 Dell | 1 Emc Streaming Data Platform | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | |||||
CVE-2022-22552 | 1 Dell | 1 Emc Appsync | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations. | |||||
CVE-2022-22553 | 1 Dell | 1 Emc Appsync | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. | |||||
CVE-2021-36317 | 1 Dell | 2 Emc Avamar Server, Emc Powerprotect Data Protection Appliance | 2023-12-10 | 2.1 LOW | 6.7 MEDIUM |
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
CVE-2021-36326 | 1 Dell | 1 Emc Streaming Data Platform | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. | |||||
CVE-2021-36283 | 1 Dell | 170 Chengming 3990, Chengming 3990 Firmware, Chengming 3991 and 167 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
CVE-2022-22551 | 1 Dell | 1 Emc Appsync | 2023-12-10 | 5.8 MEDIUM | 8.8 HIGH |
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session. | |||||
CVE-2021-36334 | 1 Dell | 1 Emc Cloud Link | 2023-12-10 | 6.0 MEDIUM | 6.8 MEDIUM |
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine | |||||
CVE-2021-36321 | 1 Dell | 18 X1008, X1008 Firmware, X1008p and 15 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. | |||||
CVE-2021-36338 | 1 Dell | 7 Powermax Os, Solutions Enabler, Solutions Enabler Virtual Appliance and 4 more | 2023-12-10 | 5.2 MEDIUM | 8.0 HIGH |
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338. | |||||
CVE-2021-36315 | 1 Dell | 38 Emc Powerscale Nodes A100, Emc Powerscale Nodes A100 Firmware, Emc Powerscale Nodes A200 and 35 more | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity. |