Skip to main content

Dell

1272 CVEs vendor

Monthly

CVE-2024-29170 HIGH This Week

Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-36919 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-28974 MEDIUM This Month

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Data Protection Advisor Dp4400 Firmware Dp5900 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22429 MEDIUM This Month

Dell BIOS contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Edge Gateway 5000 Firmware Precision 5820 Tower Firmware Edge Gateway 3000 Firmware +47
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-25970 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-25969 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25968 HIGH This Week

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-25967 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-25966 HIGH This Week

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-25965 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-28971 MEDIUM This Month

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Openmanage Enterprise Update Manager
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-24908 MEDIUM This Month

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Dm5500 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-22460 HIGH This Week

Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Dell Dm5500 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-28979 MEDIUM This Month

Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Openmanage Enterprise
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-28978 MEDIUM This Month

Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Openmanage Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-28961 HIGH This Week

Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Openmanage Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-28977 MEDIUM This Month

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Repository Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-28976 HIGH This Week

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Repository Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-28963 MEDIUM This Month

Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Telemetry Dashboard
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0157 MEDIUM This Month

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Microsoft Storage Monitoring And Reporting Storage Resource Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22448 MEDIUM This Month

Dell BIOS contains an Out-of-Bounds Write vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Denial Of Service Memory Corruption Alienware M15 R6 Firmware +267
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-22450 HIGH This Week

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0159 MEDIUM This Month

Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Alienware Command Center
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26743 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp error flow Avoid the following warning by making sure to free the allocated resources in case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Dell Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0172 HIGH This Week

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Poweredge R660 Firmware Poweredge R760 Firmware Poweredge C6620 Firmware +90
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-25944 HIGH This Week

Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Dell Openmanage Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-25971 MEDIUM This Month

Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell XXE Powerprotect Data Manager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-25963 HIGH This Week

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-25960 HIGH This Week

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-25955 HIGH This Week

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Powermax Eem Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-25954 HIGH This Week

Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-25953 MEDIUM This Month

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-25952 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-25946 HIGH This Week

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Powermax Eem Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-25961 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-25959 MEDIUM This Month

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25962 MEDIUM This Month

Dell InsightIQ, version 5.0, contains an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Insightiq
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-25958 HIGH This Week

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Dell Microsoft Grab
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-25957 MEDIUM This Month

Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Microsoft Grab
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25956 MEDIUM This Month

Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Microsoft Grab
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25964 HIGH This Week

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25942 MEDIUM This Month

Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Poweredge R730 Firmware Poweredge R730Xd Firmware Poweredge R630 Firmware +22
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-22453 MEDIUM This Month

Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Dell Poweredge R730 Firmware Poweredge R730Xd Firmware +23
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-0173 LOW Monitor

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Poweredge R660 Firmware Poweredge R760 Firmware Poweredge C6620 Firmware +121
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-0163 MEDIUM This Month

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Authentication Bypass Dell Poweredge R660 Firmware Poweredge R760 Firmware Poweredge C6620 Firmware +55
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0162 HIGH This Week

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Poweredge R660 Firmware Poweredge R760 Firmware Poweredge C6620 Firmware +55
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-0154 LOW Monitor

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Poweredge R660 Firmware Poweredge R760 Firmware Poweredge C6620 Firmware +121
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-0161 HIGH This Week

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Poweredge T360 Firmware Poweredge R360 Firmware Poweredge R650 Firmware +83
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-24901 LOW Monitor

Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2024-22463 CRITICAL Act Now

Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-22452 HIGH This Week

Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple RCE Dell Display And Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0156 HIGH This Week

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Dell Buffer Overflow RCE Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0155 HIGH This Week

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Use After Free Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-24907 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-24905 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-24904 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-24903 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Authentication Bypass Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-24906 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-24900 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Authentication Bypass Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-22458 MEDIUM PATCH This Month

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dell Secure Connect Gateway
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-22457 HIGH PATCH This Week

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dell Secure Connect Gateway
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22459 MEDIUM This Month

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-22426 CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell File Upload Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-22425 CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-22455 MEDIUM This Month

Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell E Lab Navigator
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-22454 HIGH PATCH This Week

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dell Powerprotect Data Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-22445 HIGH PATCH This Week

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Dell Powerprotect Data Manager
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-22230 MEDIUM This Month

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Unity Operating Environment
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-22228 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-22227 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-22226 MEDIUM This Month

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Unity Operating Environment
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22225 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-22224 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-22223 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-22222 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-22221 MEDIUM This Month

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Unity Operating Environment
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-0170 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-0169 MEDIUM This Month

Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Dell Unity Operating Environment
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-0168 HIGH This Week

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-0167 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-0166 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-0165 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-0164 HIGH This Week

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-22464 MEDIUM This Month

Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Appsync
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-22433 CRITICAL PATCH Act Now

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dell Data Protection Search
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22449 HIGH This Week

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22430 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-22229 MEDIUM This Month

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Dell Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-22428 HIGH This Week

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Emc Idrac Service Module
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0454 MEDIUM This Month

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Microsoft Elan Match On Chip Fpr Solution Firmware Windows
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH This Week

Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dell Linux +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Data Protection Advisor +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell BIOS contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Edge Gateway 5000 Firmware +49
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Openmanage Enterprise Update Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Dm5500 Firmware
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Dell +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Openmanage Enterprise
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Openmanage Enterprise
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Repository Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Repository Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Telemetry Dashboard
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Microsoft +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Dell BIOS contains an Out-of-Bounds Write vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Denial Of Service +269
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Alienware Command Center
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Alienware Command Center
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp error flow Avoid the following warning by making sure to free the allocated resources in case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Dell Denial Of Service Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Poweredge R660 Firmware +92
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Dell +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell XXE +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Powermax Eem +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Powermax Eem +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell InsightIQ, version 5.0, contains an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Insightiq
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Dell +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Microsoft +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Microsoft +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Poweredge R730 Firmware +24
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Dell +25
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Poweredge R660 Firmware +123
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Authentication Bypass Dell Poweredge R660 Firmware +57
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Poweredge R660 Firmware +57
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Poweredge R660 Firmware +123
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Poweredge T360 Firmware +85
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Dell Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell +1
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell +1
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell +1
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Authentication Bypass Dell Policy Manager For Secure Connect Gateway
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Authentication Bypass Information Disclosure Dell +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell File Upload +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Recoverpoint For Virtual Machines
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell E Lab Navigator
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dell Powerprotect Data Manager
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Dell Powerprotect Data Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Dell +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Appsync
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dell Data Protection Search
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Powerscale Onefs
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Denial Of Service +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Dell Unity Operating Environment +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Microsoft +2
NVD GitHub
Prev Page 7 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy