Skip to main content

Dell

1272 CVEs vendor

Monthly

CVE-2021-21594 MEDIUM PATCH This Month

Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-21592 MEDIUM PATCH This Month

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21568 MEDIUM PATCH This Month

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-21601 HIGH PATCH This Week

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Data Protection Search Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21600 MEDIUM PATCH This Month

Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Dell Denial Of Service Emc Networker
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21598 LOW PATCH Monitor

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.

Dell Information Disclosure Wyse Thinos
NVD
CVSS 3.1
3.9
EPSS
0.2%
CVE-2021-21597 LOW PATCH Monitor

Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.

Dell Information Disclosure Wyse Thinos
NVD
CVSS 3.1
3.9
EPSS
0.2%
CVE-2021-21567 HIGH PATCH This Week

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-36277 HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell RCE Jwt Attack Alienware Command Center Application Command Update +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-36276 HIGH PATCH This Week

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Denial Of Service Information Disclosure Authentication Bypass Dbutildrv2 Sys Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21596 HIGH PATCH This Week

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell RCE Information Disclosure Openmanage Enterprise Openmanage Enterprise Modular
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21585 HIGH PATCH This Week

Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Dell Command Injection Openmanage Enterprise
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-21584 MEDIUM PATCH This Month

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Openmanage Enterprise Openmanage Enterprise Modular
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21564 CRITICAL PATCH Act Now

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Authentication Bypass Openmanage Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-21581 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21580 MEDIUM This Month

Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Code Injection Emc Idrac8 Firmware Emc Idrac9 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-21579 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21578 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21577 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21576 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21565 MEDIUM This Month

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-21563 MEDIUM This Month

Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21562 MEDIUM This Month

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-21553 HIGH This Week

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-21546 MEDIUM PATCH This Month

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21538 CRITICAL PATCH Act Now

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Authentication Bypass Idrac9 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2021-21587 LOW PATCH Monitor

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Wyse Management Suite
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2021-21591 MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-21590 MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-21589 MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-21588 MEDIUM This Month

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerflex Presentation Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2021-21574 HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow RCE Dell Stack Overflow Alienware M15 R6 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-21573 HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow RCE Dell Stack Overflow Alienware M15 R6 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-21572 HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Heap Overflow Dell RCE Alienware M15 R6 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-21571 MEDIUM This Month

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Denial Of Service Alienware M15 R6 Firmware Chengming 3990 Firmware Chengming 3991 Firmware +125
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-21557 MEDIUM PATCH This Month

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell RCE Denial Of Service Information Disclosure Poweredge R640 Firmware +30
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21556 MEDIUM This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell Stack Overflow Information Disclosure +10
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21555 MEDIUM This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell Information Disclosure Heap Overflow +10
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21554 MEDIUM PATCH This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow RCE Dell Information Disclosure +11
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21559 MEDIUM PATCH This Month

Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2021-21558 MEDIUM PATCH This Month

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-21552 HIGH PATCH This Week

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Dell Microsoft Authentication Bypass Windows 10
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-21549 HIGH This Week

Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dell Xtremio Management Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-21550 MEDIUM This Month

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21527 MEDIUM This Month

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21505 CRITICAL Act Now

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 - 2011, contain an undocumented default iDRAC account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Microsoft Authentication Bypass Emc Integrated System For Microsoft Azure Stack Hub Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-21551 HIGH POC KEV THREAT Act Now

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell Denial Of Service Information Disclosure Dbutil
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
58.1%
CVE-2021-21547 MEDIUM PATCH This Month

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell Information Disclosure Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-21544 LOW Monitor

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Idrac9 Firmware
NVD
CVSS 3.1
2.7
EPSS
0.9%
CVE-2021-21543 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-21542 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-21541 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-21540 HIGH This Week

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Dell Stack Overflow Idrac9 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-21539 HIGH This Week

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Idrac9 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-21531 HIGH This Week

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Solutions Enabler Solutions Enabler Virtual Appliance Unisphere For Powermax +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-21530 HIGH PATCH This Week

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Command Injection Information Disclosure Openmanage Enterprise Modular
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-21507 CRITICAL PATCH Act Now

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure X1008P Firmware X1018P Firmware X1026P Firmware +8
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-21537 MEDIUM This Month

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21536 MEDIUM This Month

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21535 HIGH This Week

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Hybrid Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21534 LOW Monitor

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-21526 MEDIUM This Month

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Command Injection Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21545 HIGH This Week

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Privilege Escalation Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21524 CRITICAL PATCH Act Now

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Dell Deserialization RCE Storage Monitoring And Reporting Storage Resource Manager
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-21532 MEDIUM This Month

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Wyse Thinos
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2021-21529 MEDIUM This Month

Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service System Update
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21518 HIGH This Week

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Code Injection Supportassist Client Promanage Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-21510 MEDIUM This Month

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Code Injection Idrac8 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-21514 MEDIUM This Month

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Openmanage Server Administrator
NVD
CVSS 3.1
4.9
EPSS
5.4%
CVE-2021-21513 CRITICAL POC Act Now

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Microsoft Authentication Bypass Openmanage Server Administrator
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2021-21515 MEDIUM This Month

Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Emc Sourceone
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-21512 MEDIUM This Month

Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerprotect Cyber Recovery
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2021-21511 HIGH This Week

Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Avamar Server Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-21502 CRITICAL Act Now

Dell PowerScale OneFS versions 8.1.0 - 9.1.0 contain a "use of SSH key past account expiration" vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-5360 HIGH PATCH This Week

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dell Bsafe Micro Edition Suite Database Http Server +2
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-5359 MEDIUM PATCH This Month

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Bsafe Micro Edition Suite Database Weblogic Server Proxy Plug In
NVD
CVSS 3.1
5.8
EPSS
1.3%
CVE-2020-26198 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-5388 MEDIUM This Month

Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow RCE Dell Inspiron 15 7579 Firmware
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2020-26183 MEDIUM This Month

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Networker
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-26182 MEDIUM This Month

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5389 MEDIUM This Month

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Dell Information Disclosure Emc Openmanage Integration For Microsoft System Center
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-5387 MEDIUM This Month

Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Xps 13 9370 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-5386 HIGH This Week

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Elastic Cloud Storage
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5379 MEDIUM This Month

Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dell Inspiron 7352 Bios
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5378 MEDIUM This Month

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell RCE G7 17 7790 Bios
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5376 MEDIUM This Month

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell RCE Inspiron 7347 Bios
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5369 HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Dell Emc Isilon Onefs Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-5383 MEDIUM This Month

Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell Emc Isilon Emc Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-5385 HIGH This Week

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Encryption Endpoint Security Suite Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-15596 MEDIUM This Month

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

HP Lenovo Dell Information Disclosure Elite X2 1012 G1 Firmware +13
NVD
CVSS 3.1
6.7
EPSS
0.4%
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Data Protection Search +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Dell Denial Of Service Emc Networker
NVD
EPSS 0% CVSS 3.9
LOW PATCH Monitor

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.

Dell Information Disclosure Wyse Thinos
NVD
EPSS 0% CVSS 3.9
LOW PATCH Monitor

Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.

Dell Information Disclosure Wyse Thinos
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Dell Information Disclosure Powerscale Onefs
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell RCE Jwt Attack +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Denial Of Service Information Disclosure +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell RCE Information Disclosure +2
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Dell Command Injection Openmanage Enterprise
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Openmanage Enterprise +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Authentication Bypass +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Code Injection Emc Idrac8 Firmware +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Idrac9 Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Idrac9 Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Emc Idrac9 Firmware
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Emc Powerscale Onefs
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Networker
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Authentication Bypass Idrac9 Firmware
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Wyse Management Suite
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Emc Unity Operating Environment +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerflex Presentation Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow RCE Dell +129
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow RCE Dell +129
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Heap Overflow Dell +129
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Denial Of Service Alienware M15 R6 Firmware +127
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell RCE Denial Of Service +32
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell +12
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell +12
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow RCE +13
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Dell Information Disclosure Emc Networker
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Networker
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Dell Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dell Xtremio Management Server
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Powerscale Onefs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Powerscale Onefs
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 - 2011, contain an undocumented default iDRAC account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Microsoft Authentication Bypass +1
NVD
EPSS 58% CVSS 7.8
HIGH POC KEV THREAT Act Now

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell Denial Of Service Information Disclosure +1
NVD Exploit-DB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell Information Disclosure Unity Operating Environment +2
NVD
EPSS 1% CVSS 2.7
LOW Monitor

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Idrac9 Firmware
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Dell Stack Overflow +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Idrac9 Firmware
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Solutions Enabler +4
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Command Injection Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure X1008P Firmware +10
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Hybrid Client
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Command Injection +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Privilege Escalation +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Dell Deserialization RCE +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Wyse Thinos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service System Update
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Code Injection Supportassist Client Promanage +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Code Injection Idrac8 Firmware
NVD
EPSS 5% CVSS 4.9
MEDIUM This Month

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Openmanage Server Administrator
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Microsoft Authentication Bypass +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Emc Sourceone
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerprotect Cyber Recovery
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Avamar Server +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell PowerScale OneFS versions 8.1.0 - 9.1.0 contain a "use of SSH key past account expiration" vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Powerscale Onefs
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dell Bsafe Micro Edition Suite +4
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Bsafe Micro Edition Suite +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Idrac9 Firmware
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow RCE Dell +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Networker
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Networker
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Dell Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Xps 13 9370 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Elastic Cloud Storage
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dell Inspiron 7352 Bios
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Dell +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell Emc Isilon +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Encryption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

HP Lenovo Dell +15
NVD
Prev Page 12 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy