Skip to main content

Dell

1272 CVEs vendor

Monthly

CVE-2024-50095 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lock. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-50072 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Intel Dell Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47483 MEDIUM This Month

Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SQLi Information Disclosure Dell Data Lakehouse
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47481 MEDIUM This Month

Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Denial Of Service Data Lakehouse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-48016 HIGH This Week

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Secure Connect Gateway
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-47241 HIGH This Week

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-47240 MEDIUM This Month

Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dell Secure Connect Gateway
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-45767 MEDIUM This Month

Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Information Disclosure Dell Openmanage Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-45766 HIGH This Week

Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Dell Openmanage Enterprise
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-39586 MEDIUM This Month

Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell XXE Emc Appsync
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-39577 HIGH This Week

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-37125 HIGH This Week

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Smartfabric Os10
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45017 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Dell Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-42423 HIGH This Week

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Information Disclosure Citrix Workspace
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-42425 MEDIUM This Month

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell Precision 7920 Firmware 7920 Xl Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39583 CRITICAL Act Now

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Insightiq
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-39582 MEDIUM This Month

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Insightiq
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39581 CRITICAL Act Now

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Dell Insightiq
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-39580 MEDIUM This Month

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Insightiq
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-39574 MEDIUM This Month

Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service Insightiq
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-42427 HIGH This Week

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Wyse Thinos
NVD
CVSS 3.1
7.6
EPSS
1.1%
CVE-2024-42424 MEDIUM This Month

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell Precision 7920 Rack Firmware 7920 Xl Rack Firmware
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-39585 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Smartfabric Os10
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-38486 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-44984 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Ubuntu Information Disclosure Dell Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-37136 MEDIUM This Month

Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Path To Powerprotect
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-39579 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-39578 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-38304 MEDIUM This Month

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell Emc Xc Core Xcxr2 Firmware Emc Xc Core Xc940 System Firmware +29
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-38303 MEDIUM This Month

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell Emc Xc Core Xcxr2 Firmware Emc Xc Core Xc940 System Firmware +29
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-39584 HIGH This Week

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Xps 8960 Firmware Xps 8950 Firmware Inspiron 3502 Firmware +17
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-44937 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 ("ACPI: OSL: Allow Notify (). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Intel Denial Of Service Linux Null Pointer Dereference +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-39576 HIGH This Week

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Power Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-38305 HIGH This Week

Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Home Pcs
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-38483 MEDIUM This Month

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Latitude 5290 2 In 1 Firmware Precision 3420 Tower Firmware Precision 3620 Firmware +38
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-28962 HIGH This Week

Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Alienware Update Command Update Update
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38490 MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-38489 MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-38481 MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow RCE Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-28972 HIGH This Week

Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Insightiq
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-25948 MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-25947 MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-37142 HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37129 HIGH This Week

Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Dell Inventory Collector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37127 HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32857 HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-42137 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-41027 LOW PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Dell Linux Linux Kernel
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2024-38302 MEDIUM This Month

Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Data Lakehouse
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-30473 MEDIUM This Month

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dell Elastic Cloud Storage
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-40980 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-38301 HIGH This Week

Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Denial Of Service Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-37134 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-37133 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-37132 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-37126 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-32854 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-32853 HIGH This Week

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32852 HIGH This Week

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-0158 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Latitude 3440 Firmware Inspiron 7501 Firmware Vostro 14 3430 Firmware Optiplex 3000 Micro Firmware Alienware M16 R1 Firmware +385
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-37137 MEDIUM This Month

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Cloudlink
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-37141 LOW Monitor

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Redirect Dell Data Domain Operating System
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-37140 HIGH This Week

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Data Domain Operating System
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-37139 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Data Domain Operating System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-37138 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Data Domain Operating System
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-29177 LOW Monitor

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Domain Operating System
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2024-29176 HIGH This Week

Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell Memory Corruption Data Domain Operating System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-29175 MEDIUM This Month

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dell Data Domain Operating System
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-29174 MEDIUM This Month

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell Data Domain Operating System
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-29173 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Dell Data Domain Operating System
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-28973 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Dell Data Domain Operating System
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-0171 MEDIUM This Month

Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. Rated medium severity (CVSS 5.3). No vendor patch available.

Authentication Bypass Dell Poweredge R6615 Firmware Poweredge R7615 Firmware Poweredge R6625 Firmware +3
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-32855 MEDIUM This Month

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Memory Corruption Inspiron 3480 Firmware Inspiron 3580 Firmware +72
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-29169 HIGH This Week

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell Secure Connect Gateway
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-29168 HIGH This Week

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell Secure Connect Gateway
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-28969 MEDIUM This Month

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-28968 MEDIUM This Month

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28967 MEDIUM This Month

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28966 MEDIUM This Month

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28965 MEDIUM This Month

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-32860 HIGH This Week

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware Alienware Aurora R12 Firmware +19
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-32859 HIGH This Week

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Xps 8960 Firmware Xps 8950 Firmware Inspiron 3502 Firmware +20
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-32858 HIGH This Week

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Xps 8960 Firmware Xps 8950 Firmware Inspiron 3502 Firmware +20
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-32856 MEDIUM This Month

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Xps 8960 Firmware Xps 8950 Firmware Inspiron 3502 Firmware +20
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-30472 MEDIUM This Month

Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Telemetry Dashboard
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2024-28964 HIGH This Week

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Dell Common Event Enabler
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-25949 HIGH PATCH This Week

Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dell Networking Os10
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-28970 MEDIUM This Month

Dell Client BIOS contains an Out-of-bounds Write vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Denial Of Service Memory Corruption Vostro 5502 Firmware +13
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-0160 MEDIUM This Month

Dell Client Platform contains an incorrect authorization vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Xps 17 9700 Firmware Xps 15 9500 Firmware Vostro 7500 Firmware +12
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-37130 HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Openmanage Server Administrator
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lock. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Linux Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Intel Dell +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SQLi Information Disclosure Dell +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Denial Of Service +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Information Disclosure Dell +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Dell +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell XXE +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Smartfabric Os10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Dell Linux +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Insightiq
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Dell +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Insightiq
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service +1
NVD
EPSS 1% CVSS 7.6
HIGH This Week

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Wyse Thinos
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Ubuntu Information Disclosure Dell +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Path To Powerprotect
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell +31
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Dell +31
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Xps 8960 Firmware +19
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 ("ACPI: OSL: Allow Notify (). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Intel Denial Of Service +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Power Manager
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Home Pcs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Latitude 5290 2 In 1 Firmware +40
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Alienware Update +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption +3
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption +3
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow RCE +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Insightiq
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption +3
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Memory Corruption +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Dell Linux +1
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Data Lakehouse
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dell Elastic Cloud Storage
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Information Disclosure Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Denial Of Service +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Latitude 3440 Firmware Inspiron 7501 Firmware Vostro 14 3430 Firmware +387
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Cloudlink
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Redirect Dell +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Data Domain Operating System
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Data Domain Operating System
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Data Domain Operating System
NVD
EPSS 0% CVSS 2.7
LOW Monitor

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Data Domain Operating System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dell Data Domain Operating System
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Dell Data Domain Operating System
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Dell +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. Rated medium severity (CVSS 5.3). No vendor patch available.

Authentication Bypass Dell Poweredge R6615 Firmware +5
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Memory Corruption +74
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware Area 51M R2 Firmware +21
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Xps 8960 Firmware +22
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Xps 8960 Firmware +22
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Xps 8960 Firmware +22
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Telemetry Dashboard
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Dell +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dell Networking Os10
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell Client BIOS contains an Out-of-bounds Write vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Denial Of Service +15
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell Client Platform contains an incorrect authorization vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Xps 17 9700 Firmware +14
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Openmanage Server Administrator
NVD
Prev Page 6 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy