Skip to main content

Dell

1272 CVEs vendor

Monthly

CVE-2020-5377 CRITICAL POC THREAT Act Now

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Path Traversal Emc Openmanage Server Administrator
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
48.3%
CVE-2020-5374 HIGH This Week

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Dell Information Disclosure Emc Omimssc For Sccm Emc Omimssc For Scvmm
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5373 HIGH This Week

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Microsoft Authentication Bypass Emc Omimssc For Sccm Emc Omimssc For Scvmm
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5366 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Idrac9 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-5372 HIGH This Week

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Powerstore 1000 Firmware Emc Powerstore 3000 Firmware Emc Powerstore 5000 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-5371 HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Isilon Onefs Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-5368 HIGH This Week

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Vxrail D560F Firmware Vxrail D560 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-5356 MEDIUM This Month

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager Powerprotect X400 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-5352 HIGH This Week

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Emc Data Protection Advisor
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-5367 HIGH This Week

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Emc Unisphere For Powermax Emc Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-5345 MEDIUM This Month

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Unisphere For Powermax Emc Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5358 HIGH This Week

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Encryption Endpoint Security Suite Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-5363 MEDIUM This Month

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Latitude 5300 Firmware Latitude 5300 2 In 1 Firmware Latitude 5400 Firmware +15
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-5362 MEDIUM This Month

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Chengming 3967 Firmware Chengming 3977 Firmware Chengming 3980 Firmware +351
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-10755 PyPI MEDIUM PATCH This Month

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Openstack Cinder Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-5357 MEDIUM This Month

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. Rated medium severity (CVSS 6.0). No vendor patch available.

Dell Information Disclosure Dock Wd15 Firmware Dock Wd19 Firmware Thunderbolt Dock Tb16 Firmware +1
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-5365 HIGH This Week

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Isilon Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5364 HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Isilon Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5343 HIGH PATCH This Week

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Dell Os Recovery Image For Microsoft Windows 10
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5350 HIGH This Week

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-5330 HIGH POC THREAT This Week

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Information Disclosure R1 2210 Firmware R1 2401 Firmware Pc5500 Firmware +2
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
12.9%
CVE-2020-5348 HIGH This Week

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell RCE Latitude 7202 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5347 HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Isilon Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5344 CRITICAL Act Now

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Dell Idrac7 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-5342 HIGH PATCH This Week

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Digital Delivery
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5328 CRITICAL Act Now

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Isilon Onefs
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-5327 CRITICAL PATCH Act Now

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Deserialization Dell RCE +1
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-5326 MEDIUM This Month

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Intel Authentication Bypass Chengming 3980 Firmware G3 3579 Firmware +172
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-5324 MEDIUM This Month

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. Rated medium severity (CVSS 4.4). No vendor patch available.

Dell Information Disclosure G3 3579 Firmware G3 3779 Firmware G3 15 3590 Firmware +110
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-5319 HIGH This Week

Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Unity Operating Environment Emc Unity Xt Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5318 HIGH This Week

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Isilon Onefs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5317 MEDIUM This Month

Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Emc Elastic Cloud Storage
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-18579 MEDIUM PATCH This Month

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Dell Information Disclosure Xps 7390 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2019-18575 HIGH This Week

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Configure
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-3750 MEDIUM This Month

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Update
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-3749 MEDIUM This Month

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Update
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-18580 CRITICAL Act Now

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Dell RCE Deserialization Emc Storage Monitoring And Reporting
NVD
CVSS 3.1
10.0
EPSS
4.9%
CVE-2019-3764 MEDIUM This Month

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac7 Firmware Idrac8 Firmware Idrac9 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-3767 HIGH This Week

Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Imageassist
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2019-3765 HIGH This Week

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Avamar Server Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-3745 HIGH This Week

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Encryption Endpoint Security Suite Enterprise
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2019-3766 CRITICAL Act Now

Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Elastic Cloud Storage
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-3747 MEDIUM This Month

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Emc Integrated Data Protection Appliance Firmware
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-3746 HIGH This Week

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Integrated Data Protection Appliance Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-3736 HIGH This Week

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Integrated Data Protection Appliance Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2019-3726 MEDIUM This Month

An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell RCE Update Package Framework
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-3754 MEDIUM This Month

Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Dell Emc Unity Operating Environment Emc Unityvsa Operating Environment +1
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-3751 HIGH This Week

Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Emc Enterprise Copy Data Management
NVD
CVSS 3.0
7.4
EPSS
0.7%
CVE-2019-3753 MEDIUM This Month

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerconnect 8024 Firmware Emc Powerconnect 7000 Firmware Emc Powerconnect M6348 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-15084 HIGH POC This Week

Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dell Waves Maxx Audio
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-3744 HIGH This Week

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft Dell Digital Delivery
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-3742 HIGH This Week

Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Deserialization Digital Delivery
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-3717 MEDIUM This Month

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Chengming 3967 Firmware Chengming 3977 Firmware Chengming 3980 Firmware +238
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-3741 HIGH This Week

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-3734 MEDIUM This Month

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-3735 HIGH This Week

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Home Pcs Supportassist For Business Pcs
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-3737 HIGH This Week

Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Dell Avamar Data Migration Enabler Web Interface
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-3723 CRITICAL Act Now

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Openmanage Server Administrator
NVD
CVSS 3.0
9.1
EPSS
1.8%
CVE-2019-3722 HIGH This Week

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Dell Emc Openmanage Server Administrator
NVD
CVSS 3.0
7.5
EPSS
3.8%
CVE-2019-3727 MEDIUM This Month

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Recoverpoint Recoverpoint For Virtual Machines
NVD
CVSS 3.0
6.7
EPSS
0.7%
CVE-2019-3707 CRITICAL Act Now

Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac9 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-3706 CRITICAL Act Now

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac9 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-3705 CRITICAL Act Now

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell RCE Idrac6 Firmware Idrac7 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2019-3721 HIGH This Week

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Openmanage Server Administrator
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-3720 MEDIUM This Month

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Dell Emc Openmanage Server Administrator
NVD
CVSS 3.1
4.9
EPSS
3.5%
CVE-2019-3719 HIGH PATCH This Week

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity.

Dell RCE Supportassist
NVD
CVSS 3.1
8.0
EPSS
16.1%
CVE-2019-3718 HIGH This Week

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell CSRF Supportassist
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-3710 HIGH This Week

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Dell Emc Networking Os10
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2019-3712 HIGH PATCH This Week

Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Dell RCE Windows Embedded Standard Wyse Device Agent Wyse Thinlinux Hagent
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-3704 HIGH This Week

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Vnx2 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-15776 MEDIUM This Month

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac7 Firmware Idrac8 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-15774 HIGH This Week

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Dell Idrac7 Firmware Idrac8 Firmware +1
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-15773 MEDIUM PATCH This Month

Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Data Protection Encryption
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2018-15768 MEDIUM POC This Month

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell Information Disclosure Openmanage Network Manager
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
9.1%
CVE-2018-15767 HIGH POC THREAT This Week

The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dell Openmanage Network Manager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
12.3%
CVE-2018-11077 MEDIUM PATCH This Month

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Command Injection Emc Avamar Emc Integrated Data Protection Appliance Vsphere Data Protection
NVD
CVSS 3.0
6.7
EPSS
1.0%
CVE-2018-11076 MEDIUM PATCH This Month

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Java Dell Information Disclosure Emc Avamar Emc Integrated Data Protection Appliance +1
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-11067 MEDIUM PATCH This Month

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Dell Open Redirect Emc Avamar Emc Integrated Data Protection Appliance Vsphere Data Protection
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-11066 CRITICAL PATCH Act Now

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell RCE Emc Avamar Emc Integrated Data Protection Appliance Vsphere Data Protection
NVD
CVSS 3.0
9.8
EPSS
9.9%
CVE-2018-15772 HIGH This Week

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Emc Recoverpoint Emc Recoverpoint For Virtual Machines
NVD
CVSS 3.0
7.1
EPSS
0.4%
CVE-2018-15771 MEDIUM This Month

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Recoverpoint Recoverpoint For Virtual Machines
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15765 MEDIUM This Month

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Secure Remote Services
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-11080 HIGH This Week

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Secure Remote Services
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11079 HIGH This Week

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Secure Remote Services
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-15766 HIGH This Week

On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Brute Force Encryption Endpoint Security Suite Enterprise
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-11064 HIGH This Week

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11072 HIGH This Week

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Digital Delivery
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-15764 CRITICAL Act Now

Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell RCE Esrs Policy Manager
NVD
CVSS 3.0
9.8
EPSS
5.3%
CVE-2018-1251 HIGH This Week

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Unity Firmware Emc Unityvsa
NVD
CVSS 3.0
8.1
EPSS
2.5%
CVE-2018-1250 MEDIUM This Month

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Unity Firmware Emc Unityvsa
NVD
CVSS 3.0
6.5
EPSS
1.6%
EPSS 48% CVSS 9.1
CRITICAL POC THREAT Act Now

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Path Traversal Emc Openmanage Server Administrator
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Dell Information Disclosure +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Microsoft Authentication Bypass +2
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Idrac9 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Powerstore 1000 Firmware +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Isilon Onefs +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Vxrail D560F Firmware +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager +1
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Emc Data Protection Advisor
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Emc Unisphere For Powermax +2
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Unisphere For Powermax +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Encryption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Latitude 5300 Firmware +17
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Chengming 3967 Firmware +353
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Openstack Cinder +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. Rated medium severity (CVSS 6.0). No vendor patch available.

Dell Information Disclosure Dock Wd15 Firmware +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Isilon Onefs
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Isilon Onefs
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Dell Os Recovery Image For Microsoft Windows 10
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Emc Integrated Data Protection Appliance
NVD
EPSS 13% CVSS 7.5
HIGH POC THREAT This Week

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Information Disclosure R1 2210 Firmware +4
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Isilon Onefs
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Digital Delivery
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Isilon Onefs
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Deserialization +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Intel Authentication Bypass +174
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. Rated medium severity (CVSS 4.4). No vendor patch available.

Dell Information Disclosure G3 3579 Firmware +112
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Unity Operating Environment +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Isilon Onefs
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Emc Elastic Cloud Storage
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Dell Information Disclosure Xps 7390 Firmware
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Configure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Update
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Update
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Dell RCE +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac7 Firmware +2
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Imageassist
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Avamar Server +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Encryption +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Elastic Cloud Storage
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Emc Integrated Data Protection Appliance Firmware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Integrated Data Protection Appliance Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Integrated Data Protection Appliance Firmware
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell RCE Update Package Framework
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Dell +3
NVD
EPSS 1% CVSS 7.4
HIGH This Week

Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Emc Enterprise Copy Data Management
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerconnect 8024 Firmware +5
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dell Waves Maxx Audio
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Deserialization +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Chengming 3967 Firmware +240
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Home Pcs +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Dell Avamar Data Migration Enabler Web Interface
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Openmanage Server Administrator
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Dell Emc Openmanage Server Administrator
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Recoverpoint +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac9 Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac9 Firmware
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell RCE +4
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Openmanage Server Administrator
NVD
EPSS 4% CVSS 4.9
MEDIUM This Month

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Dell +1
NVD
EPSS 16% CVSS 8.0
HIGH PATCH This Week

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity.

Dell RCE Supportassist
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell CSRF Supportassist
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Dell Emc Networking Os10
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Dell RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Vnx2 Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac7 Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Dell +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Data Protection Encryption
NVD
EPSS 9% CVSS 6.5
MEDIUM POC This Month

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell Information Disclosure Openmanage Network Manager
NVD Exploit-DB
EPSS 12% CVSS 8.8
HIGH POC THREAT This Week

The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dell Openmanage Network Manager
NVD Exploit-DB
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Command Injection Emc Avamar +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Java Dell Information Disclosure +3
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Dell Open Redirect Emc Avamar +2
NVD
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell RCE Emc Avamar +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Emc Recoverpoint +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Recoverpoint +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Secure Remote Services
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Secure Remote Services
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Secure Remote Services
NVD
EPSS 1% CVSS 7.5
HIGH This Week

On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Brute Force +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Emc Unity Operating Environment +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Digital Delivery
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell RCE Esrs Policy Manager
NVD
EPSS 2% CVSS 8.1
HIGH This Week

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Unity Firmware +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Unity Firmware +1
NVD
Prev Page 13 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy