Filtered by vendor Dell
Subscribe
Total
1010 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-28979 | 1 Dell | 1 Openmanage Enterprise | 2024-08-20 | N/A | 4.8 MEDIUM |
Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | |||||
CVE-2023-28074 | 1 Dell | 2 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite | 2024-08-20 | N/A | 7.1 HIGH |
Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | |||||
CVE-2024-7922 | 1 Dell | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-08-20 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_audio_search/cgi_create_playlist/cgi_get_album_all_tracks/cgi_get_alltracks_editlist/cgi_get_artist_all_album/cgi_get_genre_all_tracks/cgi_get_tracks_list/cgi_set_airplay_content/cgi_write_playlist of the file /cgi-bin/myMusic.cgi. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | |||||
CVE-2024-0171 | 1 Dell | 12 Poweredge C6615, Poweredge C6615 Firmware, Poweredge R6615 and 9 more | 2024-08-20 | N/A | 5.3 MEDIUM |
Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. | |||||
CVE-2024-28962 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-08-19 | N/A | 7.5 HIGH |
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | |||||
CVE-2024-32860 | 1 Dell | 44 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R11 and 41 more | 2024-08-16 | N/A | 8.2 HIGH |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||||
CVE-2024-28964 | 1 Dell | 1 Common Event Enabler | 2024-08-16 | N/A | 7.8 HIGH |
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file. | |||||
CVE-2024-25949 | 1 Dell | 1 Networking Os10 | 2024-08-14 | N/A | 8.8 HIGH |
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges. | |||||
CVE-2024-0169 | 1 Dell | 1 Unity Operating Environment | 2024-08-14 | N/A | 5.4 MEDIUM |
Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | |||||
CVE-2024-37129 | 1 Dell | 1 Inventory Collector | 2024-08-13 | N/A | 7.8 HIGH |
Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system. | |||||
CVE-2024-37142 | 1 Dell | 1 Peripheral Manager | 2024-08-08 | N/A | 7.8 HIGH |
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | |||||
CVE-2024-32857 | 1 Dell | 1 Peripheral Manager | 2024-08-08 | N/A | 7.8 HIGH |
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | |||||
CVE-2024-38301 | 1 Dell | 1 Alienware Command Center | 2024-08-08 | N/A | 7.8 HIGH |
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure. | |||||
CVE-2024-28965 | 1 Dell | 1 Secure Connect Gateway | 2024-08-06 | N/A | 5.4 MEDIUM |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | |||||
CVE-2024-28966 | 1 Dell | 1 Secure Connect Gateway | 2024-08-06 | N/A | 5.4 MEDIUM |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | |||||
CVE-2024-28967 | 1 Dell | 1 Secure Connect Gateway | 2024-08-06 | N/A | 5.4 MEDIUM |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | |||||
CVE-2024-28968 | 1 Dell | 1 Secure Connect Gateway | 2024-08-06 | N/A | 5.4 MEDIUM |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | |||||
CVE-2024-29168 | 1 Dell | 1 Secure Connect Gateway | 2024-08-06 | N/A | 8.8 HIGH |
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. | |||||
CVE-2024-28969 | 1 Dell | 1 Secure Connect Gateway | 2024-08-06 | N/A | 4.3 MEDIUM |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources. | |||||
CVE-2024-25948 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | N/A | 4.4 MEDIUM |
Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. |