Skip to main content

Dell

1272 CVEs vendor

Monthly

CVE-2018-1246 MEDIUM This Month

Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Dell XSS Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-11071 HIGH This Week

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Isilon Onefs Isilonsd Edge
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-11078 HIGH This Week

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Emc Vplex Geosynchrony
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2018-15748 HIGH POC This Week

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell Information Disclosure Brute Force 2335Dn Engine Firmware 2335Dn Network Firmware +1
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-11063 HIGH This Week

Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Wyse Management Suite
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-11048 HIGH This Week

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XXE Denial Of Service Emc Data Protection Advisor Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2018-11050 HIGH This Week

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-11052 CRITICAL Act Now

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-1249 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Idrac9 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-1244 HIGH This Week

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Idrac7 Firmware Idrac8 Firmware Idrac9 Firmware
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-1243 HIGH This Week

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac6 Firmware Idrac7 Firmware Idrac8 Firmware +1
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-1212 HIGH This Week

The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Idrac6 Modular Idrac6 Monolithic
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2018-11053 MEDIUM PATCH This Month

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Dell Information Disclosure Emc Idrac Service Module
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2018-1242 MEDIUM This Month

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Recoverpoint Recoverpoint For Virtual Machines
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2018-1241 HIGH This Week

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Recoverpoint Recoverpoint For Virtual Machines
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-1235 CRITICAL POC THREAT Act Now

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Command Injection Recoverpoint Recoverpoint For Virtual Machines
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
43.3%
CVE-2018-10828 MEDIUM POC This Month

An issue was discovered in Alps Pointing-device Driver 10.1.101.207. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell Denial Of Service Pointing Device Driver
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-1239 HIGH This Week

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
7.2
EPSS
3.4%
CVE-2018-1183 CRITICAL Act Now

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft XXE Dell Emc Smis +15
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-1240 HIGH This Week

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Information Disclosure Vipr Controller
NVD
CVSS 3.0
8.0
EPSS
0.5%
CVE-2018-1217 CRITICAL POC THREAT Act Now

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dell Emc Avamar Emc Integrated Data Protection Appliance
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
46.6%
CVE-2018-1238 HIGH This Week

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Dell Command Injection Emc Scaleio
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1237 CRITICAL Act Now

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Scaleio
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-1205 HIGH This Week

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Buffer Overflow Emc Scaleio
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1213 HIGH POC This Week

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dell Emc Isilon Onefs
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-1204 MEDIUM POC This Month

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell RCE Path Traversal Emc Isilon Onefs
NVD Exploit-DB
CVSS 3.0
6.7
EPSS
2.4%
CVE-2018-1203 MEDIUM POC This Month

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell RCE Emc Isilon Onefs
NVD Exploit-DB
CVSS 3.0
6.7
EPSS
2.2%
CVE-2018-1202 MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.2%
CVE-2018-1201 MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-1189 MEDIUM POC THREAT This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
28.7%
CVE-2018-1188 MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-1187 MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-1186 MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-1211 HIGH This Week

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Path Traversal Emc Idrac7 Emc Idrac8
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2018-1207 CRITICAL POC THREAT Act Now

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Dell RCE Emc Idrac7 Emc Idrac8
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
90.8%
CVE-2018-1218 HIGH POC THREAT This Week

In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Denial Of Service Buffer Overflow Emc Networker
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
14.0%
CVE-2018-1206 HIGH This Week

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Protection Advisor
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1216 CRITICAL Act Now

A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Solutions Enabler Virtual Appliance Emc Unisphere For Vmax Virtual Appliance Emc Vasa Virtual Appliance +1
NVD
CVSS 3.0
9.8
EPSS
22.1%
CVE-2018-1215 HIGH This Week

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Dell Emc Solutions Enabler Virtual Appliance Emc Unisphere For Vmax Virtual Appliance Emc Vasa Virtual Appliance +1
NVD
CVSS 3.0
8.8
EPSS
4.4%
CVE-2018-1214 HIGH This Week

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Microsoft Dell Emc Supportassist Enterprise
NVD
CVSS 3.0
7.0
EPSS
0.8%
CVE-2017-14386 MEDIUM PATCH This Month

The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dell 2355Dn Firmware 2335Dn Firmware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14374 CRITICAL Act Now

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Microsoft Authentication Bypass Storage Manager
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2015-7268 MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Lenovo Microsoft Samsung Dell Authentication Bypass +4
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2015-7267 MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Dell Authentication Bypass Samsung Lenovo 850 Pro Firmware +3
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2017-10955 HIGH Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.5% and no vendor patch available.

Dell Command Injection RCE Data Protection Advisor
NVD
CVSS 3.1
8.8
EPSS
33.5%
CVE-2017-10949 HIGH Act Now

Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.0% and no vendor patch available.

Path Traversal Dell Information Disclosure Storage Manager 2016
NVD
CVSS 3.0
7.5
EPSS
18.0%
CVE-2017-6005 HIGH This Week

Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. Rated high severity (CVSS 7.0). No vendor patch available.

Dell Microsoft RCE Maxxaudio
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2015-7275 MEDIUM This Month

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7274 HIGH This Week

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2015-7273 CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XXE Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2015-7272 CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell Denial Of Service Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2015-7271 CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2015-7270 HIGH This Week

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Integrated Remote Access Controller Firmware
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2016-5685 HIGH This Week

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Dell Idrac7 Firmware Idrac8 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-4004 MEDIUM POC THREAT This Month

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.2%.

Path Traversal Dell Openmanage Server Administrator
NVD Exploit-DB
CVSS 3.0
4.9
EPSS
12.2%
CVE-2016-2397 CRITICAL Act Now

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Command Injection Sonicwall Dell Uma Em5000 Firmware +2
NVD
CVSS 3.0
9.8
EPSS
5.0%
CVE-2016-2396 CRITICAL Act Now

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sonicwall Dell Analyzer Global Management System +1
NVD
CVSS 3.0
9.9
EPSS
0.6%
CVE-2016-2268 MEDIUM PATCH This Month

Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Apple Information Disclosure Dell Secureworks
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2015-6856 HIGH POC This Week

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dell Pre Boot Authentication Driver
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-7770 MEDIUM This Month

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall Denial Of Service Dell Sonicwall Totalsecure Tz 100 Firmware
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-4173 MEDIUM This Month

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before. Rated medium severity (CVSS 6.9). No vendor patch available.

Sonicwall Information Disclosure Dell Microsoft Netextender
NVD
CVSS 2.0
6.9
EPSS
0.3%
CVE-2015-5696 MEDIUM POC THREAT This Month

Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Denial Of Service Dell Netvault Backup
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
16.2%
CVE-2015-2890 MEDIUM This Month

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Bios
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2015-4067 CRITICAL Act Now

Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

RCE Buffer Overflow Dell Netvault Backup
NVD
CVSS 2.0
10.0
EPSS
10.8%
CVE-2015-3990 CRITICAL Act Now

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall Information Disclosure Dell Uma Em5000 Firmware Analyzer +1
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2015-2248 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Sonicwall CSRF Dell Remote Access Firmware
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.7%
CVE-2015-3447 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sonicwall Dell Sonicos
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-1605 HIGH This Week

Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Asset Manager
NVD
CVSS 2.0
7.5
EPSS
3.4%
CVE-2014-8272 MEDIUM POC THREAT This Month

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 59.6%.

Information Disclosure Dell Idrac6 Modular Idrac7 Ipmi +1
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
59.6%
Threat
4.3
CVE-2014-8420 CRITICAL POC THREAT Emergency

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.8%.

Sonicwall RCE Dell Analyzer Global Management System +1
NVD
CVSS 2.0
9.0
EPSS
73.8%
Threat
5.5
CVE-2013-3304 MEDIUM POC THREAT This Month

Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.6%.

Path Traversal Dell Equallogic Ps4000 Firmware
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.6%
CVE-2014-5036 LOW Monitor

The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Dell Eucalyptus
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-5024 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sonicwall Dell Analyzer Global Management System +1
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2014-4977 MEDIUM POC THREAT This Month

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%.

Sonicwall PHP SQLi Dell Scrutinizer
NVD Exploit-DB GitHub
CVSS 2.0
6.5
EPSS
84.5%
Threat
5.3
CVE-2014-4976 MEDIUM POC This Month

Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall Privilege Escalation Dell Scrutinizer
NVD GitHub
CVSS 2.0
5.5
EPSS
3.1%
CVE-2014-2959 CRITICAL Act Now

logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Powervault Ml6000 Firmware Powervault Ml6000 Scalar I500 Firmware +1
NVD
CVSS 2.0
9.0
EPSS
1.5%
CVE-2014-2879 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.1%.

XSS Sonicwall Dell Email Security Appliance
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
15.1%
CVE-2013-0740 MEDIUM This Month

Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Dell Openmanage Server Administrator
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-0332 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Dell Sonicwall XSS Global Management System Analyzer
NVD
CVSS 2.0
4.3
EPSS
1.8%
CVE-2014-0330 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Dell XSS Kace K1000 Systems Management Appliance Software Kace K1000 Systems Management Appliance
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2014-1671 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Dell SQLi Kace K1000 Systems Management Appliance Software Kace K1000 Systems Management Virtual Appliance +3
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-3606 HIGH This Week

The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerconnect 3348 Powerconnect 3524P Powerconnect 5324
NVD
CVSS 2.0
7.8
EPSS
1.2%
CVE-2013-3595 MEDIUM This Month

The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerconnect 3348 Powerconnect 3524P Powerconnect 5324
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-3594 CRITICAL Act Now

The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service RCE Powerconnect 3348 Powerconnect 3524P +1
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2013-7025 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Dell Sonicwall XSS Analyzer Global Management System +1
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
3.1%
CVE-2013-6246 MEDIUM POC This Month

The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dell Quest One Password Manager
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.0%
CVE-2013-3589 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Dell XSS Idrac6 Firmware Idrac6 Monolithic Idrac7 Firmware +1
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-3582 HIGH POC This Week

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Dell Latitude D530 Latitude D531 Latitude D630 +19
NVD
CVSS 2.0
7.6
EPSS
0.8%
CVE-2013-4785 CRITICAL Act Now

The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac6 Firmware
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2013-4783 CRITICAL Act Now

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Idrac6 Bmc
NVD
CVSS 2.0
10.0
EPSS
3.6%
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Dell XSS +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Isilon Onefs +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Emc Vplex Geosynchrony
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell Information Disclosure Brute Force +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Wyse Management Suite
NVD
EPSS 2% CVSS 8.1
HIGH This Week

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XXE Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Networker
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Idrac9 Firmware
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Idrac7 Firmware +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac6 Firmware +3
NVD
EPSS 4% CVSS 8.8
HIGH This Week

The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Idrac6 Modular +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Dell Information Disclosure Emc Idrac Service Module
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Recoverpoint +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Recoverpoint +1
NVD
EPSS 43% CVSS 9.8
CRITICAL POC THREAT Act Now

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Command Injection Recoverpoint +1
NVD Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in Alps Pointing-device Driver 10.1.101.207. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell Denial Of Service Pointing Device Driver
NVD GitHub Exploit-DB
EPSS 3% CVSS 7.2
HIGH This Week

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Emc Unity Operating Environment +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft XXE +17
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Information Disclosure +1
NVD
EPSS 47% CVSS 9.8
CRITICAL POC THREAT Act Now

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dell Emc Avamar +1
NVD Exploit-DB
EPSS 2% CVSS 7.5
HIGH This Week

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Dell Command Injection Emc Scaleio
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Scaleio
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Buffer Overflow Emc Scaleio
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dell Emc Isilon Onefs
NVD Exploit-DB
EPSS 2% CVSS 6.7
MEDIUM POC This Month

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell RCE Path Traversal +1
NVD Exploit-DB
EPSS 2% CVSS 6.7
MEDIUM POC This Month

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dell RCE Emc Isilon Onefs
NVD Exploit-DB
EPSS 2% CVSS 4.8
MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
EPSS 2% CVSS 4.8
MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
EPSS 29% CVSS 4.8
MEDIUM POC THREAT This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
EPSS 2% CVSS 4.8
MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
EPSS 2% CVSS 4.8
MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
EPSS 2% CVSS 4.8
MEDIUM POC This Month

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell XSS Emc Isilon
NVD Exploit-DB
EPSS 3% CVSS 7.5
HIGH This Week

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Path Traversal +2
NVD
EPSS 91% CVSS 9.8
CRITICAL POC THREAT Act Now

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Dell RCE +2
NVD Exploit-DB
EPSS 14% CVSS 7.5
HIGH POC THREAT This Week

In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Denial Of Service Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Protection Advisor
NVD
EPSS 22% CVSS 9.8
CRITICAL Act Now

A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Solutions Enabler Virtual Appliance +3
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Dell Emc Solutions Enabler Virtual Appliance +3
NVD
EPSS 1% CVSS 7.0
HIGH This Week

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Microsoft Dell +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dell 2355Dn Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Lenovo Microsoft Samsung +6
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Dell Authentication Bypass Samsung +5
NVD
EPSS 33% CVSS 8.8
HIGH Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.5% and no vendor patch available.

Dell Command Injection RCE +1
NVD
EPSS 18% CVSS 7.5
HIGH Act Now

Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.0% and no vendor patch available.

Path Traversal Dell Information Disclosure +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. Rated high severity (CVSS 7.0). No vendor patch available.

Dell Microsoft RCE +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Integrated Remote Access Controller Firmware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Integrated Remote Access Controller Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XXE Integrated Remote Access Controller Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell Denial Of Service +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Integrated Remote Access Controller Firmware
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Integrated Remote Access Controller Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Dell Idrac7 Firmware +1
NVD
EPSS 12% CVSS 4.9
MEDIUM POC THREAT This Month

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.2%.

Path Traversal Dell Openmanage Server Administrator
NVD Exploit-DB
EPSS 5% CVSS 9.8
CRITICAL Act Now

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Command Injection Sonicwall +4
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sonicwall Dell +3
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Apple Information Disclosure Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dell Pre Boot Authentication Driver
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall Denial Of Service Dell +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before. Rated medium severity (CVSS 6.9). No vendor patch available.

Sonicwall Information Disclosure Dell +2
NVD
EPSS 16% CVSS 5.0
MEDIUM POC THREAT This Month

Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Denial Of Service Dell Netvault Backup
NVD Exploit-DB
EPSS 0% CVSS 6.0
MEDIUM This Month

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Bios
NVD
EPSS 11% CVSS 10.0
CRITICAL Act Now

Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

RCE Buffer Overflow Dell +1
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall Information Disclosure Dell +3
NVD
EPSS 3% CVSS 6.8
MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Sonicwall CSRF Dell +1
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sonicwall Dell +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Asset Manager
NVD
EPSS 60% 4.3 CVSS 5.0
MEDIUM POC THREAT This Month

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 59.6%.

Information Disclosure Dell Idrac6 Modular +3
NVD Exploit-DB
EPSS 74% 5.5 CVSS 9.0
CRITICAL POC THREAT Emergency

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.8%.

Sonicwall RCE Dell +3
NVD
EPSS 14% CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.6%.

Path Traversal Dell Equallogic Ps4000 Firmware
NVD Exploit-DB
EPSS 0% CVSS 1.9
LOW Monitor

The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Dell Eucalyptus
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sonicwall Dell +3
NVD
EPSS 84% 5.3 CVSS 6.5
MEDIUM POC THREAT This Month

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%.

Sonicwall PHP SQLi +2
NVD Exploit-DB GitHub
EPSS 3% CVSS 5.5
MEDIUM POC This Month

Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall Privilege Escalation Dell +1
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL Act Now

logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Powervault Ml6000 Firmware +3
NVD
EPSS 15% CVSS 4.3
MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.1%.

XSS Sonicwall Dell +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Dell Openmanage Server Administrator
NVD VulDB
EPSS 2% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Dell Sonicwall XSS +2
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Dell XSS +2
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Dell SQLi +5
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH This Week

The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerconnect 3348 +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerconnect 3348 +2
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service RCE +3
NVD
EPSS 3% CVSS 3.5
LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Dell Sonicwall XSS +3
NVD Exploit-DB
EPSS 8% CVSS 5.0
MEDIUM POC This Month

The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dell Quest One Password Manager
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Dell XSS Idrac6 Firmware +3
NVD
EPSS 1% CVSS 7.6
HIGH POC This Week

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Dell Latitude D530 +21
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac6 Firmware
NVD
EPSS 4% CVSS 10.0
CRITICAL Act Now

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Idrac6 Bmc
NVD
Prev Page 14 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy