Vulnerabilities (CVE)

Filtered by vendor Dell Subscribe
Total 958 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35166 2 Dell, Oracle 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more 2024-02-02 7.5 HIGH 9.8 CRITICAL
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
CVE-2024-22432 1 Dell 1 Networker 2024-02-01 N/A 6.5 MEDIUM
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.
CVE-2020-5330 1 Dell 10 Pc5500, Pc5500 Firmware, R1-2210 and 7 more 2024-02-01 5.0 MEDIUM 7.5 HIGH
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.
CVE-2024-22229 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2024-01-30 N/A 4.3 MEDIUM
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.
CVE-2023-44281 1 Dell 1 Pair 2024-01-30 N/A 7.1 HIGH
Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service.
CVE-2024-22428 1 Dell 1 Emc Idrac Service Module 2024-01-23 N/A 7.8 HIGH
Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.
CVE-2022-34364 1 Dell 1 Bsafe Ssl-j 2024-01-22 N/A 4.4 MEDIUM
Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. .
CVE-2023-43088 1 Dell 2 Precision 7865 Tower, Precision 7865 Tower Firmware 2024-01-04 N/A 6.8 MEDIUM
Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.
CVE-2023-48670 1 Dell 1 Supportassist For Home Pcs 2024-01-02 N/A 7.8 HIGH
Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.
CVE-2004-0079 23 4d, Apple, Avaya and 20 more 66 Webstar, Mac Os X, Mac Os X Server and 63 more 2023-12-28 5.0 MEDIUM 7.5 HIGH
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2023-44277 1 Dell 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more 2023-12-27 N/A 7.8 HIGH
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
CVE-2023-44278 1 Dell 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more 2023-12-27 N/A 6.7 MEDIUM
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.
CVE-2023-44279 1 Dell 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more 2023-12-27 N/A 6.7 MEDIUM
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker
CVE-2023-44284 1 Dell 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more 2023-12-27 N/A 4.3 MEDIUM
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data.
CVE-2023-44285 1 Dell 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more 2023-12-27 N/A 7.8 HIGH
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
CVE-2023-44286 1 Dell 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more 2023-12-27 N/A 6.1 MEDIUM
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVE-2023-48667 1 Dell 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more 2023-12-27 N/A 7.2 HIGH
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.
CVE-2023-48668 1 Dell 1 Powerprotect Data Domain Management Center 2023-12-27 N/A 6.7 MEDIUM
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.
CVE-2023-48671 1 Dell 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance 2023-12-19 N/A 7.5 HIGH
Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.
CVE-2023-48665 1 Dell 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance 2023-12-19 N/A 7.2 HIGH
Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.