Skip to main content

Dell

1272 CVEs vendor

Monthly

CVE-2025-36595 HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.

RCE Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-32753 MEDIUM This Month

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering.

SQLi Information Disclosure Denial Of Service Dell Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-53298 CRITICAL Act Now

CVE-2024-53298 is a critical missing authorization vulnerability in Dell PowerScale OneFS NFS export functionality that allows unauthenticated remote attackers to gain unauthorized filesystem access without authentication. Affected versions range from 9.5.0.0 through 9.10.0.1, and successful exploitation enables arbitrary file read, modification, and deletion, leading to complete system compromise. With a CVSS score of 9.8 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to unpatched Dell PowerScale deployments; KEV status and active exploitation details require vendor advisory verification.

Authentication Bypass Dell Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-50164 HIGH PATCH This Week

Kernel memory corruption vulnerability in the Linux kernel's iwlwifi driver (Intel WiFi module) that allows a local privileged attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability stems from improper list management in the iwl_mvm_mac_wake_tx_queue function, where disabled station queues are not properly cleaned up, leading to list_add corruption when new elements are added. Affected users are those running Linux kernel versions containing the vulnerable iwlwifi mvm driver on systems with Intel WiFi adapters; the vulnerability requires local access and low privileges to exploit.

Linux Information Disclosure Dell Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-50054 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->vf_res in iavf_init_get_resources. Previous commit introduced a regression, where receiving IAVF_ERR_ADMIN_QUEUE_NO_WORK from iavf_get_vf_config would free adapter->vf_res. However, netdev is still registered, so ethtool_ops can be called. Calling iavf_get_link_ksettings with no vf_res, will result with: [ 9385.242676] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 9385.242683] #PF: supervisor read access in kernel mode [ 9385.242686] #PF: error_code(0x0000) - not-present page [ 9385.242690] PGD 0 P4D 0 [ 9385.242696] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [ 9385.242701] CPU: 6 PID: 3217 Comm: pmdalinux Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 [ 9385.242708] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019 [ 9385.242710] RIP: 0010:iavf_get_link_ksettings+0x29/0xd0 [iavf] [ 9385.242745] Code: 00 0f 1f 44 00 00 b8 01 ef ff ff 48 c7 46 30 00 00 00 00 48 c7 46 38 00 00 00 00 c6 46 0b 00 66 89 46 08 48 8b 87 68 0e 00 00 <f6> 40 08 80 75 50 8b 87 5c 0e 00 00 83 f8 08 74 7a 76 1d 83 f8 20 [ 9385.242749] RSP: 0018:ffffc0560ec7fbd0 EFLAGS: 00010246 [ 9385.242755] RAX: 0000000000000000 RBX: ffffc0560ec7fc08 RCX: 0000000000000000 [ 9385.242759] RDX: ffffffffc0ad4550 RSI: ffffc0560ec7fc08 RDI: ffffa0fc66674000 [ 9385.242762] RBP: 00007ffd1fb2bf50 R08: b6a2d54b892363ee R09: ffffa101dc14fb00 [ 9385.242765] R10: 0000000000000000 R11: 0000000000000004 R12: ffffa0fc66674000 [ 9385.242768] R13: 0000000000000000 R14: ffffa0fc66674000 R15: 00000000ffffffa1 [ 9385.242771] FS: 00007f93711a2980(0000) GS:ffffa0fad72c0000(0000) knlGS:0000000000000000 [ 9385.242775] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9385.242778] CR2: 0000000000000008 CR3: 0000000a8e61c003 CR4: 00000000003706e0 [ 9385.242781] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 9385.242784] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 9385.242787] Call Trace: [ 9385.242791] <TASK> [ 9385.242793] ethtool_get_settings+0x71/0x1a0 [ 9385.242814] __dev_ethtool+0x426/0x2f40 [ 9385.242823] ? slab_post_alloc_hook+0x4f/0x280 [ 9385.242836] ? kmem_cache_alloc_trace+0x15d/0x2f0 [ 9385.242841] ? dev_ethtool+0x59/0x170 [ 9385.242848] dev_ethtool+0xa7/0x170 [ 9385.242856] dev_ioctl+0xc3/0x520 [ 9385.242866] sock_do_ioctl+0xa0/0xe0 [ 9385.242877] sock_ioctl+0x22f/0x320 [ 9385.242885] __x64_sys_ioctl+0x84/0xc0 [ 9385.242896] do_syscall_64+0x3a/0x80 [ 9385.242904] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 9385.242918] RIP: 0033:0x7f93702396db [ 9385.242923] Code: 73 01 c3 48 8b 0d ad 57 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 57 38 00 f7 d8 64 89 01 48 [ 9385.242927] RSP: 002b:00007ffd1fb2bf18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 9385.242932] RAX: ffffffffffffffda RBX: 000055671b1d2fe0 RCX: 00007f93702396db [ 9385.242935] RDX: 00007ffd1fb2bf20 RSI: 0000000000008946 RDI: 0000000000000007 [ 9385.242937] RBP: 00007ffd1fb2bf20 R08: 0000000000000003 R09: 0030763066307330 [ 9385.242940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1fb2bf80 [ 9385.242942] R13: 0000000000000007 R14: 0000556719f6de90 R15: 00007ffd1fb2c1b0 [ 9385.242948] </TASK> [ 9385.242949] Modules linked in: iavf(E) xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nft_compat nf_nat_tftp nft_objref nf_conntrack_tftp bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink vfat fat irdma ib_uverbs ib_core intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretem ---truncated---

Null Pointer Dereference Linux Denial Of Service Dell Ubuntu +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50053 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so can lead to double call of napi_disable, which can lead to deadlock there. Removing VF would lead to iavf_remove task being stuck, because it requires crit_lock, which is held by iavf_close. Call iavf_disable_vf if reset fail, so that driver will clean up remaining invalid resources. During rapid VF resets, HW can fail to setup VF mailbox. Wrong error handling can lead to iavf_remove being stuck with: [ 5218.999087] iavf 0000:82:01.0: Failed to init adminq: -53 ... [ 5267.189211] INFO: task repro.sh:11219 blocked for more than 30 seconds. [ 5267.189520] Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 [ 5267.189764] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 5267.190062] task:repro.sh state:D stack: 0 pid:11219 ppid: 8162 flags:0x00000000 [ 5267.190347] Call Trace: [ 5267.190647] <TASK> [ 5267.190927] __schedule+0x460/0x9f0 [ 5267.191264] schedule+0x44/0xb0 [ 5267.191563] schedule_preempt_disabled+0x14/0x20 [ 5267.191890] __mutex_lock.isra.12+0x6e3/0xac0 [ 5267.192237] ? iavf_remove+0xf9/0x6c0 [iavf] [ 5267.192565] iavf_remove+0x12a/0x6c0 [iavf] [ 5267.192911] ? _raw_spin_unlock_irqrestore+0x1e/0x40 [ 5267.193285] pci_device_remove+0x36/0xb0 [ 5267.193619] device_release_driver_internal+0xc1/0x150 [ 5267.193974] pci_stop_bus_device+0x69/0x90 [ 5267.194361] pci_stop_and_remove_bus_device+0xe/0x20 [ 5267.194735] pci_iov_remove_virtfn+0xba/0x120 [ 5267.195130] sriov_disable+0x2f/0xe0 [ 5267.195506] ice_free_vfs+0x7d/0x2f0 [ice] [ 5267.196056] ? pci_get_device+0x4f/0x70 [ 5267.196496] ice_sriov_configure+0x78/0x1a0 [ice] [ 5267.196995] sriov_numvfs_store+0xfe/0x140 [ 5267.197466] kernfs_fop_write_iter+0x12e/0x1c0 [ 5267.197918] new_sync_write+0x10c/0x190 [ 5267.198404] vfs_write+0x24e/0x2d0 [ 5267.198886] ksys_write+0x5c/0xd0 [ 5267.199367] do_syscall_64+0x3a/0x80 [ 5267.199827] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 5267.200317] RIP: 0033:0x7f5b381205c8 [ 5267.200814] RSP: 002b:00007fff8c7e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 5267.201981] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5b381205c8 [ 5267.202620] RDX: 0000000000000002 RSI: 00005569420ee900 RDI: 0000000000000001 [ 5267.203426] RBP: 00005569420ee900 R08: 000000000000000a R09: 00007f5b38180820 [ 5267.204327] R10: 000000000000000a R11: 0000000000000246 R12: 00007f5b383c06e0 [ 5267.205193] R13: 0000000000000002 R14: 00007f5b383bb880 R15: 0000000000000002 [ 5267.206041] </TASK> [ 5267.206970] Kernel panic - not syncing: hung_task: blocked tasks [ 5267.207809] CPU: 48 PID: 551 Comm: khungtaskd Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 [ 5267.208726] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019 [ 5267.209623] Call Trace: [ 5267.210569] <TASK> [ 5267.211480] dump_stack_lvl+0x33/0x42 [ 5267.212472] panic+0x107/0x294 [ 5267.213467] watchdog.cold.8+0xc/0xbb [ 5267.214413] ? proc_dohung_task_timeout_secs+0x30/0x30 [ 5267.215511] kthread+0xf4/0x120 [ 5267.216459] ? kthread_complete_and_exit+0x20/0x20 [ 5267.217505] ret_from_fork+0x22/0x30 [ 5267.218459] </TASK>

Linux Information Disclosure Dell Ubuntu Debian +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38077 HIGH PATCH This Week

A buffer overflow vulnerability exists in the Linux kernel's Dell WMI System Management (dell-wmi-sysman) driver in the current_password_store() function, where an empty string input causes an out-of-bounds array access via index underflow (length - 1 when length equals zero). A local, low-privilege attacker can exploit this to achieve read/write memory corruption, potentially leading to privilege escalation or denial of service. This vulnerability is not currently listed in CISA KEV catalog and requires local access with unprivileged user privileges.

Buffer Overflow Linux Dell Debian Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-25215 HIGH PATCH This Week

A security vulnerability in the cv_close functionality of Dell ControlVault3 (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Dell Memory Corruption Use After Free
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-24919 HIGH PATCH This Week

Critical deserialization vulnerability in Dell ControlVault3 that allows unauthenticated local attackers to achieve arbitrary code execution by sending specially crafted responses to the cvhDecapsulateCmd functionality. The vulnerability affects ControlVault3 prior to version 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. An attacker who can compromise ControlVault firmware or intercept responses can trigger remote code execution with system-level privileges, making this a high-impact vulnerability despite the moderate attack complexity requirement.

Deserialization RCE Dell
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-25050 HIGH PATCH This Week

CVE-2025-25050 is an out-of-bounds write vulnerability in Dell ControlVault3 and ControlVault 3 Plus that allows a local, authenticated attacker to trigger memory corruption through a specially crafted API call to the cv_upgrade_sensor_firmware function. An attacker with local access and low privileges can achieve high-impact compromise including complete confidentiality, integrity, and availability violations. The vulnerability affects all versions prior to ControlVault3 5.15.10.14 and ControlVault 3 Plus 6.2.26.36; exploitation requires local access and valid user credentials but no user interaction.

Buffer Overflow Dell
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-24922 HIGH PATCH This Week

Stack-based buffer overflow vulnerability in Dell ControlVault3's securebio_identify functionality that allows local attackers with low privileges to execute arbitrary code with high impact across the system. The vulnerability affects ControlVault3 versions prior to 5.15.10.14 and ControlVault3 Plus versions prior to 6.2.26.36, and can be triggered via a specially crafted API call with a malicious cv_object parameter.

Buffer Overflow RCE Dell
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-24311 HIGH PATCH This Week

A information disclosure vulnerability in the cv_send_blockdata functionality of Dell ControlVault3 (CVSS 8.4). High severity vulnerability requiring prompt remediation.

Buffer Overflow Information Disclosure Dell
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-27689 HIGH PATCH This Week

Dell iDRAC Tools versions prior to 11.3.0.0 contain an improper access control vulnerability (CWE-284) that allows low-privileged local attackers to escalate privileges without user interaction. The CVSS 7.8 score reflects high confidentiality, integrity, and availability impact. While no CVE-2025-27689 entry exists in public KEV catalogs or active exploitation databases at this time, the local attack vector with low complexity and low privilege requirements indicates this is a practical privilege escalation risk for organizations running vulnerable iDRAC Tool versions on multi-user systems.

Dell Privilege Escalation Idrac Tools
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36573 HIGH PATCH This Week

Dell Smart Dock Firmware versions prior to 01.00.08.01 contain an insertion of sensitive information into log file vulnerability (CWE-532) that allows local attackers without privileges to read confidential data through log file access. This is a moderate-to-high severity information disclosure issue (CVSS 7.1) affecting physical/local access scenarios; while not remotely exploitable, the lack of privilege requirements and cross-system scope impact make this a meaningful risk for shared device environments.

Information Disclosure Dell Pro Smart Dock Sd25 Firmware Pro Thunderbolt 4 Smart Dock Sd25tb4 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-36580 MEDIUM PATCH This Month

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection

XSS Dell Wyse Management Suite
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-36578 MEDIUM PATCH This Month

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Authentication Bypass Dell Wyse Management Suite
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-36577 MEDIUM PATCH This Month

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

XSS Dell Wyse Management Suite
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36576 LOW PATCH Monitor

Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

CSRF SSRF Dell
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-36575 HIGH PATCH This Week

A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Information Disclosure Dell Wyse Management Suite
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-36574 HIGH PATCH This Week

Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows unauthenticated remote attackers to read arbitrary files and gain unauthorized access without user interaction. The CVSS 8.2 score reflects high confidentiality impact and low integrity impact, with network-based attack vector requiring no privileges or interaction. No KEV/CISA active exploitation data, EPSS score, or public POC is currently confirmed in available intelligence, but the unauthenticated remote nature and path traversal primitive warrant immediate patching.

Authentication Bypass Information Disclosure Path Traversal Dell Wyse Management Suite
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2025-36564 HIGH PATCH This Week

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability (CWE-61) that allows a local user with limited privileges to escalate their permissions to higher levels without user interaction. The vulnerability has a CVSS score of 7.8 (High) with local attack vector and low attack complexity, indicating straightforward exploitation by unprivileged local users. No active exploitation in the wild has been confirmed at this time, but the local privilege escalation nature and availability of detailed CVE information presents a meaningful post-patch exploitation risk.

Privilege Escalation Dell Encryption
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32752 MEDIUM This Month

Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Thinos
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-36572 MEDIUM This Month

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerstoreos
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-30476 MEDIUM This Month

Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Insightiq
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-30475 HIGH This Month

Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Privilege Escalation Insightiq
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-26481 HIGH This Month

Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-27695 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Authentication Bypass Wyse Management Suite
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30102 MEDIUM This Month

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30101 MEDIUM This Month

Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-22476 MEDIUM This Month

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Storage Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-23379 LOW Monitor

Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell XSS Storage Manager
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-22479 LOW Monitor

Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Path Traversal Storage Manager
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-22478 HIGH This Week

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Dell Information Disclosure Storage Manager
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-22477 HIGH This Week

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Storage Manager
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2023-53134 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA (GRO/LRO). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-53112 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/i915/sseu: fix max_subslices array-index-out-of-bounds access It seems that commit bc3c5e0809ae ("drm/i915/sseu: Don't try to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Dell Information Disclosure Linux Ubuntu Buffer Overflow +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-53056 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: kernel NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-49869 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() During the error recovery sequence, the rtnl_lock is not held for the entire. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23377 MEDIUM This Month

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Code Injection Powerprotect Data Manager
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-23376 LOW Monitor

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Ssti Powerprotect Data Manager
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2025-23375 HIGH This Week

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerprotect Data Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26478 LOW Monitor

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Dell Information Disclosure Elastic Cloud Storage Objectscale
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-26477 MEDIUM This Month

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell RCE Elastic Cloud Storage Objectscale
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2025-43704 MEDIUM This Month

Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-30100 MEDIUM This Month

Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell Authentication Bypass Alienware Command Center
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-29984 MEDIUM This Month

Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell Authentication Bypass Trusted Device Agent
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-29983 MEDIUM This Month

Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell Information Disclosure Trusted Device Agent
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-26335 MEDIUM This Month

Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Powerprotect Cyber Recovery
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-27690 CRITICAL Act Now

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-26480 MEDIUM This Month

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-26479 LOW Monitor

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow Dell Powerscale Onefs
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2025-26330 HIGH This Week

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Dell Authentication Bypass Powerscale Onefs
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-23378 LOW Monitor

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-22471 MEDIUM This Month

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29989 LOW Monitor

Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. Rated low severity (CVSS 3.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Precision 5820 Tower Firmware Precision 7820 Tower Firmware Precision 7920 Tower Firmware +1
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-29988 MEDIUM This Month

Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow RCE Stack Overflow Latitude 3140 2In1 Firmware +260
NVD
CVSS 3.1
6.9
EPSS
0.1%
CVE-2025-29986 HIGH This Week

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Common Event Enabler
NVD
CVSS 3.1
8.3
EPSS
0.5%
CVE-2025-29985 MEDIUM This Month

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Common Event Enabler
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-27686 LOW Monitor

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Code Injection LDAP Unisphere For Powermax
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2025-29987 HIGH This Week

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerprotect Data Domain Data Domain Operating System Powerprotect Dm5500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-29982 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Wyse Management Suite
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-29981 HIGH This Week

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Wyse Management Suite
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-27694 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Wyse Management Suite
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-27693 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Wyse Management Suite
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-27692 MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Denial Of Service File Upload Wyse Management Suite
NVD
CVSS 3.1
4.7
EPSS
1.7%
CVE-2025-24386 HIGH This Month

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24385 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24381 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Dell Unity Operating Environment
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-24380 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24379 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24378 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24377 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-23383 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49601 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.3
EPSS
4.3%
CVE-2025-24383 CRITICAL Act Now

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
9.1
EPSS
11.8%
CVE-2025-24382 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.3
EPSS
3.0%
CVE-2025-22398 CRITICAL Act Now

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-49565 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49564 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49563 HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-49753 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of client_count in dma_chan_get() The first time dma_chan_get() is called for a channel the channel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Dell Linux Authentication Bypass +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26336 HIGH This Week

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Buffer Overflow Stack Overflow Chassis Management Controller For Poweredge Fx2 Firmware Chassis Management Controller For Poweredge Vrtx Firmware
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-26475 MEDIUM PATCH This Month

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Dell Authentication Bypass Secure Connect Gateway
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-23382 MEDIUM This Month

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Secure Connect Gateway
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-27688 HIGH This Week

Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Thinos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22473 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22472 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49561 HIGH PATCH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Information Disclosure Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49559 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-48831 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Smartfabric Os10
NVD
CVSS 3.1
8.4
EPSS
0.1%
EPSS 0% CVSS 7.2
HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.2). High severity vulnerability requiring prompt remediation.

RCE Dell Solutions Enabler Virtual Appliance +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering.

SQLi Information Disclosure Denial Of Service +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

CVE-2024-53298 is a critical missing authorization vulnerability in Dell PowerScale OneFS NFS export functionality that allows unauthenticated remote attackers to gain unauthorized filesystem access without authentication. Affected versions range from 9.5.0.0 through 9.10.0.1, and successful exploitation enables arbitrary file read, modification, and deletion, leading to complete system compromise. With a CVSS score of 9.8 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to unpatched Dell PowerScale deployments; KEV status and active exploitation details require vendor advisory verification.

Authentication Bypass Dell Powerscale Onefs
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Kernel memory corruption vulnerability in the Linux kernel's iwlwifi driver (Intel WiFi module) that allows a local privileged attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability stems from improper list management in the iwl_mvm_mac_wake_tx_queue function, where disabled station queues are not properly cleaned up, leading to list_add corruption when new elements are added. Affected users are those running Linux kernel versions containing the vulnerable iwlwifi mvm driver on systems with Intel WiFi adapters; the vulnerability requires local access and low privileges to exploit.

Linux Information Disclosure Dell +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->vf_res in iavf_init_get_resources. Previous commit introduced a regression, where receiving IAVF_ERR_ADMIN_QUEUE_NO_WORK from iavf_get_vf_config would free adapter->vf_res. However, netdev is still registered, so ethtool_ops can be called. Calling iavf_get_link_ksettings with no vf_res, will result with: [ 9385.242676] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 9385.242683] #PF: supervisor read access in kernel mode [ 9385.242686] #PF: error_code(0x0000) - not-present page [ 9385.242690] PGD 0 P4D 0 [ 9385.242696] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [ 9385.242701] CPU: 6 PID: 3217 Comm: pmdalinux Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 [ 9385.242708] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019 [ 9385.242710] RIP: 0010:iavf_get_link_ksettings+0x29/0xd0 [iavf] [ 9385.242745] Code: 00 0f 1f 44 00 00 b8 01 ef ff ff 48 c7 46 30 00 00 00 00 48 c7 46 38 00 00 00 00 c6 46 0b 00 66 89 46 08 48 8b 87 68 0e 00 00 <f6> 40 08 80 75 50 8b 87 5c 0e 00 00 83 f8 08 74 7a 76 1d 83 f8 20 [ 9385.242749] RSP: 0018:ffffc0560ec7fbd0 EFLAGS: 00010246 [ 9385.242755] RAX: 0000000000000000 RBX: ffffc0560ec7fc08 RCX: 0000000000000000 [ 9385.242759] RDX: ffffffffc0ad4550 RSI: ffffc0560ec7fc08 RDI: ffffa0fc66674000 [ 9385.242762] RBP: 00007ffd1fb2bf50 R08: b6a2d54b892363ee R09: ffffa101dc14fb00 [ 9385.242765] R10: 0000000000000000 R11: 0000000000000004 R12: ffffa0fc66674000 [ 9385.242768] R13: 0000000000000000 R14: ffffa0fc66674000 R15: 00000000ffffffa1 [ 9385.242771] FS: 00007f93711a2980(0000) GS:ffffa0fad72c0000(0000) knlGS:0000000000000000 [ 9385.242775] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9385.242778] CR2: 0000000000000008 CR3: 0000000a8e61c003 CR4: 00000000003706e0 [ 9385.242781] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 9385.242784] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 9385.242787] Call Trace: [ 9385.242791] <TASK> [ 9385.242793] ethtool_get_settings+0x71/0x1a0 [ 9385.242814] __dev_ethtool+0x426/0x2f40 [ 9385.242823] ? slab_post_alloc_hook+0x4f/0x280 [ 9385.242836] ? kmem_cache_alloc_trace+0x15d/0x2f0 [ 9385.242841] ? dev_ethtool+0x59/0x170 [ 9385.242848] dev_ethtool+0xa7/0x170 [ 9385.242856] dev_ioctl+0xc3/0x520 [ 9385.242866] sock_do_ioctl+0xa0/0xe0 [ 9385.242877] sock_ioctl+0x22f/0x320 [ 9385.242885] __x64_sys_ioctl+0x84/0xc0 [ 9385.242896] do_syscall_64+0x3a/0x80 [ 9385.242904] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 9385.242918] RIP: 0033:0x7f93702396db [ 9385.242923] Code: 73 01 c3 48 8b 0d ad 57 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 57 38 00 f7 d8 64 89 01 48 [ 9385.242927] RSP: 002b:00007ffd1fb2bf18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 9385.242932] RAX: ffffffffffffffda RBX: 000055671b1d2fe0 RCX: 00007f93702396db [ 9385.242935] RDX: 00007ffd1fb2bf20 RSI: 0000000000008946 RDI: 0000000000000007 [ 9385.242937] RBP: 00007ffd1fb2bf20 R08: 0000000000000003 R09: 0030763066307330 [ 9385.242940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1fb2bf80 [ 9385.242942] R13: 0000000000000007 R14: 0000556719f6de90 R15: 00007ffd1fb2c1b0 [ 9385.242948] </TASK> [ 9385.242949] Modules linked in: iavf(E) xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nft_compat nf_nat_tftp nft_objref nf_conntrack_tftp bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink vfat fat irdma ib_uverbs ib_core intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretem ---truncated---

Null Pointer Dereference Linux Denial Of Service +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so can lead to double call of napi_disable, which can lead to deadlock there. Removing VF would lead to iavf_remove task being stuck, because it requires crit_lock, which is held by iavf_close. Call iavf_disable_vf if reset fail, so that driver will clean up remaining invalid resources. During rapid VF resets, HW can fail to setup VF mailbox. Wrong error handling can lead to iavf_remove being stuck with: [ 5218.999087] iavf 0000:82:01.0: Failed to init adminq: -53 ... [ 5267.189211] INFO: task repro.sh:11219 blocked for more than 30 seconds. [ 5267.189520] Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 [ 5267.189764] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 5267.190062] task:repro.sh state:D stack: 0 pid:11219 ppid: 8162 flags:0x00000000 [ 5267.190347] Call Trace: [ 5267.190647] <TASK> [ 5267.190927] __schedule+0x460/0x9f0 [ 5267.191264] schedule+0x44/0xb0 [ 5267.191563] schedule_preempt_disabled+0x14/0x20 [ 5267.191890] __mutex_lock.isra.12+0x6e3/0xac0 [ 5267.192237] ? iavf_remove+0xf9/0x6c0 [iavf] [ 5267.192565] iavf_remove+0x12a/0x6c0 [iavf] [ 5267.192911] ? _raw_spin_unlock_irqrestore+0x1e/0x40 [ 5267.193285] pci_device_remove+0x36/0xb0 [ 5267.193619] device_release_driver_internal+0xc1/0x150 [ 5267.193974] pci_stop_bus_device+0x69/0x90 [ 5267.194361] pci_stop_and_remove_bus_device+0xe/0x20 [ 5267.194735] pci_iov_remove_virtfn+0xba/0x120 [ 5267.195130] sriov_disable+0x2f/0xe0 [ 5267.195506] ice_free_vfs+0x7d/0x2f0 [ice] [ 5267.196056] ? pci_get_device+0x4f/0x70 [ 5267.196496] ice_sriov_configure+0x78/0x1a0 [ice] [ 5267.196995] sriov_numvfs_store+0xfe/0x140 [ 5267.197466] kernfs_fop_write_iter+0x12e/0x1c0 [ 5267.197918] new_sync_write+0x10c/0x190 [ 5267.198404] vfs_write+0x24e/0x2d0 [ 5267.198886] ksys_write+0x5c/0xd0 [ 5267.199367] do_syscall_64+0x3a/0x80 [ 5267.199827] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 5267.200317] RIP: 0033:0x7f5b381205c8 [ 5267.200814] RSP: 002b:00007fff8c7e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 5267.201981] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5b381205c8 [ 5267.202620] RDX: 0000000000000002 RSI: 00005569420ee900 RDI: 0000000000000001 [ 5267.203426] RBP: 00005569420ee900 R08: 000000000000000a R09: 00007f5b38180820 [ 5267.204327] R10: 000000000000000a R11: 0000000000000246 R12: 00007f5b383c06e0 [ 5267.205193] R13: 0000000000000002 R14: 00007f5b383bb880 R15: 0000000000000002 [ 5267.206041] </TASK> [ 5267.206970] Kernel panic - not syncing: hung_task: blocked tasks [ 5267.207809] CPU: 48 PID: 551 Comm: khungtaskd Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 [ 5267.208726] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019 [ 5267.209623] Call Trace: [ 5267.210569] <TASK> [ 5267.211480] dump_stack_lvl+0x33/0x42 [ 5267.212472] panic+0x107/0x294 [ 5267.213467] watchdog.cold.8+0xc/0xbb [ 5267.214413] ? proc_dohung_task_timeout_secs+0x30/0x30 [ 5267.215511] kthread+0xf4/0x120 [ 5267.216459] ? kthread_complete_and_exit+0x20/0x20 [ 5267.217505] ret_from_fork+0x22/0x30 [ 5267.218459] </TASK>

Linux Information Disclosure Dell +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overflow vulnerability exists in the Linux kernel's Dell WMI System Management (dell-wmi-sysman) driver in the current_password_store() function, where an empty string input causes an out-of-bounds array access via index underflow (length - 1 when length equals zero). A local, low-privilege attacker can exploit this to achieve read/write memory corruption, potentially leading to privilege escalation or denial of service. This vulnerability is not currently listed in CISA KEV catalog and requires local access with unprivileged user privileges.

Buffer Overflow Linux Dell +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A security vulnerability in the cv_close functionality of Dell ControlVault3 (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Dell Memory Corruption Use After Free
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Critical deserialization vulnerability in Dell ControlVault3 that allows unauthenticated local attackers to achieve arbitrary code execution by sending specially crafted responses to the cvhDecapsulateCmd functionality. The vulnerability affects ControlVault3 prior to version 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. An attacker who can compromise ControlVault firmware or intercept responses can trigger remote code execution with system-level privileges, making this a high-impact vulnerability despite the moderate attack complexity requirement.

Deserialization RCE Dell
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

CVE-2025-25050 is an out-of-bounds write vulnerability in Dell ControlVault3 and ControlVault 3 Plus that allows a local, authenticated attacker to trigger memory corruption through a specially crafted API call to the cv_upgrade_sensor_firmware function. An attacker with local access and low privileges can achieve high-impact compromise including complete confidentiality, integrity, and availability violations. The vulnerability affects all versions prior to ControlVault3 5.15.10.14 and ControlVault 3 Plus 6.2.26.36; exploitation requires local access and valid user credentials but no user interaction.

Buffer Overflow Dell
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Stack-based buffer overflow vulnerability in Dell ControlVault3's securebio_identify functionality that allows local attackers with low privileges to execute arbitrary code with high impact across the system. The vulnerability affects ControlVault3 versions prior to 5.15.10.14 and ControlVault3 Plus versions prior to 6.2.26.36, and can be triggered via a specially crafted API call with a malicious cv_object parameter.

Buffer Overflow RCE Dell
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

A information disclosure vulnerability in the cv_send_blockdata functionality of Dell ControlVault3 (CVSS 8.4). High severity vulnerability requiring prompt remediation.

Buffer Overflow Information Disclosure Dell
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell iDRAC Tools versions prior to 11.3.0.0 contain an improper access control vulnerability (CWE-284) that allows low-privileged local attackers to escalate privileges without user interaction. The CVSS 7.8 score reflects high confidentiality, integrity, and availability impact. While no CVE-2025-27689 entry exists in public KEV catalogs or active exploitation databases at this time, the local attack vector with low complexity and low privilege requirements indicates this is a practical privilege escalation risk for organizations running vulnerable iDRAC Tool versions on multi-user systems.

Dell Privilege Escalation Idrac Tools
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Dell Smart Dock Firmware versions prior to 01.00.08.01 contain an insertion of sensitive information into log file vulnerability (CWE-532) that allows local attackers without privileges to read confidential data through log file access. This is a moderate-to-high severity information disclosure issue (CVSS 7.1) affecting physical/local access scenarios; while not remotely exploitable, the lack of privilege requirements and cross-system scope impact make this a meaningful risk for shared device environments.

Information Disclosure Dell Pro Smart Dock Sd25 Firmware +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection

XSS Dell Wyse Management Suite
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Authentication Bypass Dell Wyse Management Suite
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

XSS Dell Wyse Management Suite
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

CSRF SSRF Dell
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Information Disclosure Dell Wyse Management Suite
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows unauthenticated remote attackers to read arbitrary files and gain unauthorized access without user interaction. The CVSS 8.2 score reflects high confidentiality impact and low integrity impact, with network-based attack vector requiring no privileges or interaction. No KEV/CISA active exploitation data, EPSS score, or public POC is currently confirmed in available intelligence, but the unauthenticated remote nature and path traversal primitive warrant immediate patching.

Authentication Bypass Information Disclosure Path Traversal +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability (CWE-61) that allows a local user with limited privileges to escalate their permissions to higher levels without user interaction. The vulnerability has a CVSS score of 7.8 (High) with local attack vector and low attack complexity, indicating straightforward exploitation by unprivileged local users. No active exploitation in the wild has been confirmed at this time, but the local privilege escalation nature and availability of detailed CVE information presents a meaningful post-patch exploitation risk.

Privilege Escalation Dell Encryption
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Thinos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerstoreos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Insightiq
NVD
EPSS 0% CVSS 8.1
HIGH This Month

Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Privilege Escalation Insightiq
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Authentication Bypass +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Dell +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Storage Manager
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell XSS Storage Manager
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Path Traversal Storage Manager
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Dell Information Disclosure +1
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Storage Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA (GRO/LRO). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux +3
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/i915/sseu: fix max_subslices array-index-out-of-bounds access It seems that commit bc3c5e0809ae ("drm/i915/sseu: Don't try to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Dell Information Disclosure Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: kernel NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() During the error recovery sequence, the rtnl_lock is not held for the entire. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Code Injection Powerprotect Data Manager
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Ssti +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerprotect Data Manager
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Dell Information Disclosure Elastic Cloud Storage +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell RCE Elastic Cloud Storage +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell Authentication Bypass Alienware Command Center
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell Authentication Bypass Trusted Device Agent
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell Information Disclosure Trusted Device Agent
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Powerprotect Cyber Recovery
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow Dell +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Dell Authentication Bypass Powerscale Onefs
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Dell Denial Of Service +1
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. Rated low severity (CVSS 3.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Precision 5820 Tower Firmware +3
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow RCE +262
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Common Event Enabler
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Common Event Enabler
NVD
EPSS 0% CVSS 2.7
LOW Monitor

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Code Injection LDAP +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerprotect Data Domain +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Wyse Management Suite
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Wyse Management Suite
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Wyse Management Suite
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Wyse Management Suite
NVD
EPSS 2% CVSS 4.7
MEDIUM This Month

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Dell Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 4% CVSS 7.3
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 12% CVSS 9.1
CRITICAL Act Now

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 3% CVSS 7.3
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of client_count in dma_chan_get() The first time dma_chan_get() is called for a channel the channel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Dell +6
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Buffer Overflow Stack Overflow +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Dell Authentication Bypass Secure Connect Gateway
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Secure Connect Gateway
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Thinos
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Information Disclosure Smartfabric Os10
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Smartfabric Os10
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Smartfabric Os10
NVD
Prev Page 4 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy