Skip to main content

Dell

1272 CVEs vendor

Monthly

CVE-2024-48828 MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Privilege Escalation Smartfabric Os10
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-48017 MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-48015 MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-22474 MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell SSRF Smartfabric Os10
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-48830 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-48013 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-21104 MEDIUM This Month

Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Dell Networker
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-26331 HIGH This Week

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Thinos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-49722 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Dell Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-49625 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49584 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49400 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers->free In normal stop process, it does like this: do_md_stop | __md_stop. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49215 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. Rated medium severity (CVSS 4.7).

Dell Linux Race Condition Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49155 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() [ 12.323788] BUG: using smp_processor_id() in preemptible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-51539 LOW Monitor

The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Dell SQLi Secure Connect Gateway
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2025-21106 MEDIUM This Month

Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Recoverpoint For Virtual Machines
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21105 MEDIUM This Month

Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Recoverpoint For Virtual Machines
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-52541 HIGH This Week

Dell Client Platform BIOS contains a Weak Authentication vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Alienware M15 R6 Firmware Alienware M15 R7 Firmware Alienware M16 R1 Firmware +389
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-21103 HIGH This Week

Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell RCE Networker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22480 HIGH This Week

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Dell Information Disclosure Supportassist Os Recovery
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-21695 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The dell_uart_bl_serdev_probe() function calls devm_serdev_device_open() before. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux Google Denial Of Service +4
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-29172 MEDIUM This Month

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Denial Of Service Bsafe Ssl J
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-29171 MEDIUM This Month

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Bsafe Ssl J
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-22399 HIGH PATCH This Week

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Dell SSRF Utility Configuration Collector Edge
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-22402 LOW Monitor

Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure XSS Update Manager Plugin
NVD
CVSS 3.1
2.6
EPSS
0.6%
CVE-2025-21117 MEDIUM This Month

Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Avamar Server
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-22475 LOW Monitor

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Data Domain Operating System
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2024-53295 HIGH This Month

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Data Domain Operating System
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-53296 LOW Monitor

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Stack Overflow Buffer Overflow Denial Of Service Data Domain Operating System
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2024-51534 HIGH This Month

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Path Traversal Data Domain Operating System
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-21107 HIGH This Month

Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Networker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-23374 HIGH This Month

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Enterprise Sonic Distribution
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-22394 MEDIUM This Month

Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

RCE Dell Privilege Escalation Display Manager
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-21101 MEDIUM This Month

Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Race Condition Information Disclosure Display Manager
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-21111 HIGH This Month

Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Dell Information Disclosure Vxrail D560 Firmware Vxrail D560F Firmware Vxrail E460 Firmware +39
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-21102 HIGH This Month

Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Dell Information Disclosure Vxrail D560 Firmware Vxrail D560F Firmware Vxrail E460 Firmware +39
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-47239 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-22395 HIGH This Month

Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Privilege Escalation Update Package Framework
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-47475 MEDIUM This Month

Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2024-56656 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X (P7) chip's HW GRO/LRO interface is very similar to that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-51540 MEDIUM This Month

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Dell Elastic Cloud Storage
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-52543 MEDIUM This Month

Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Nativeedge Orchestrator
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-52534 MEDIUM This Month

Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-53291 HIGH This Week

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Nativeedge Orchestrator
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-52535 HIGH This Week

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-47978 HIGH This Week

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Nativeedge Orchestrator
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-51532 HIGH This Week

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Powerstoreos
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-47480 HIGH This Week

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Inventory Collector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-52542 MEDIUM This Month

Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Appsync
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47984 MEDIUM This Month

Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Recoverpoint For Virtual Machines
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-28980 CRITICAL Act Now

Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-24902 MEDIUM This Month

Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-48008 MEDIUM This Month

Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Injection Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-48007 CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38488 CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-22461 HIGH This Week

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Command Injection Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-47238 MEDIUM This Month

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Embedded Box Pc 3000 Firmware Edge Gateway 3001 Firmware Edge Gateway 3002 Firmware +5
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-53292 MEDIUM This Month

Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Vxrail Hyperconverged Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-53290 HIGH This Week

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Thinos
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2024-53289 HIGH This Week

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Dell Thinos
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-52537 MEDIUM This Month

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Dock Hd22Q Firmware Update Utility Dock Wd19 Firmware Update Utility Dock Wd22Tb4 Firmware Update Utility
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-52538 HIGH This Week

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-47977 HIGH This Week

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-47484 CRITICAL Act Now

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37144 MEDIUM This Month

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Data Lakehouse Insightiq +3
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-37143 CRITICAL Act Now

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dell Data Lakehouse Insightiq Powerflex Appliance Intelligent Catalog +2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-45761 HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Dell Denial Of Service Openmanage Server Administrator
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-45760 HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Openmanage Server Administrator
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-49603 MEDIUM This Month

Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-49602 MEDIUM This Month

Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-49600 HIGH This Week

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Dell Power Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-42426 MEDIUM This Month

Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-38485 MEDIUM This Month

Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Dell Elastic Cloud Storage
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42422 HIGH This Week

Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Networker
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-47476 HIGH This Week

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Dell Networker Management Console
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49597 HIGH This Week

Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Wyse Management Suite
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-49596 MEDIUM This Month

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Denial Of Service Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-49595 MEDIUM This Month

Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Denial Of Service Wyse Management Suite
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-38296 MEDIUM This Month

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Intel Management Engine Firmware Update Utility
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-49560 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-49558 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49557 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-48838 LOW Monitor

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Dell Smartfabric Os10
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-48837 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Smartfabric Os10
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-45763 HIGH This Week

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Enterprise Sonic Distribution
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-45765 HIGH This Week

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Enterprise Sonic Distribution
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-45764 CRITICAL Act Now

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Enterprise Sonic Distribution
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48011 MEDIUM This Month

Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Data Domain Operating System
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-48010 HIGH This Week

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Dell Data Domain Operating System
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-45759 HIGH This Week

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service Data Domain Operating System
NVD
CVSS 3.1
7.3
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell SSRF Smartfabric Os10
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Smartfabric Os10
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Dell Networker
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Dell +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers->free In normal stop process, it does like this: do_md_stop | __md_stop. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. Rated medium severity (CVSS 4.7).

Dell Linux Race Condition +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() [ 12.323788] BUG: using smp_processor_id() in preemptible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux +3
NVD
EPSS 0% CVSS 2.3
LOW Monitor

The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Dell SQLi Secure Connect Gateway
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Recoverpoint For Virtual Machines
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Recoverpoint For Virtual Machines
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Dell Client Platform BIOS contains a Weak Authentication vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Alienware M15 R6 Firmware +391
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell RCE Networker
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Dell Information Disclosure Supportassist Os Recovery
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The dell_uart_bl_serdev_probe() function calls devm_serdev_device_open() before. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Null Pointer Dereference Linux +6
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Denial Of Service Bsafe Ssl J
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Bsafe Ssl J
NVD
EPSS 0% CVSS 7.9
HIGH PATCH This Week

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Dell SSRF Utility Configuration Collector Edge
NVD
EPSS 1% CVSS 2.6
LOW Monitor

Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure XSS +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Avamar Server
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Data Domain Operating System
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Data Domain Operating System
NVD
EPSS 0% CVSS 2.7
LOW Monitor

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Stack Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Path Traversal +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Networker
NVD
EPSS 0% CVSS 8.0
HIGH This Month

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Enterprise Sonic Distribution
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

RCE Dell Privilege Escalation +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Dell Information Disclosure Vxrail D560 Firmware +41
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Dell Information Disclosure Vxrail D560 Firmware +41
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 8.2
HIGH This Month

Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Privilege Escalation +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X (P7) chip's HW GRO/LRO interface is very similar to that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Dell +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Nativeedge Orchestrator
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Nativeedge Orchestrator
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Business Pcs +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Nativeedge Orchestrator
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Powerstoreos
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Inventory Collector
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Appsync
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Recoverpoint For Virtual Machines
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Recoverpoint For Virtual Machines
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Recoverpoint For Virtual Machines
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Injection Dell +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Recoverpoint For Virtual Machines
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Recoverpoint For Virtual Machines
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Command Injection Dell +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Embedded Box Pc 3000 Firmware +7
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Vxrail Hyperconverged Infrastructure
NVD
EPSS 1% CVSS 8.4
HIGH This Week

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Thinos
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Dell Thinos
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Dock Hd22Q Firmware Update Utility +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell +5
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dell Data Lakehouse +4
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Dell Denial Of Service +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Openmanage Server Administrator
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Dell +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Dell Elastic Cloud Storage
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Dell +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Wyse Management Suite
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Denial Of Service +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Denial Of Service +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Intel Management Engine Firmware Update Utility
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Smartfabric Os10
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Smartfabric Os10
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Enterprise Sonic Distribution
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Enterprise Sonic Distribution
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Enterprise Sonic Distribution
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Data Domain Operating System
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Dell +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service +1
NVD
Prev Page 5 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy