Filtered by vendor Dell
Subscribe
Total
1013 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-32483 | 1 Dell | 580 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 577 more | 2024-02-28 | N/A | 4.4 MEDIUM |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | |||||
CVE-2022-34375 | 1 Dell | 1 Container Storage Modules | 2024-02-28 | N/A | 6.5 MEDIUM |
Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory. | |||||
CVE-2022-33935 | 1 Dell | 1 Emc Data Protection Advisor | 2024-02-28 | N/A | 5.4 MEDIUM |
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
CVE-2022-33924 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | N/A | 5.3 MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and create rules. | |||||
CVE-2022-34373 | 1 Dell | 1 Command \| Integration Suite For System Center | 2024-02-28 | N/A | 7.8 HIGH |
Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system. | |||||
CVE-2022-34374 | 1 Dell | 1 Container Storage Modules | 2024-02-28 | N/A | 8.8 HIGH |
Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system. | |||||
CVE-2022-34424 | 1 Dell | 1 Smartfabric Os10 | 2024-02-28 | N/A | 7.5 HIGH |
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans. | |||||
CVE-2022-34380 | 1 Dell | 1 Cloudlink | 2024-02-28 | N/A | 8.2 HIGH |
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system. | |||||
CVE-2022-32498 | 1 Dell | 1 Powerstore Command Line Interface | 2024-02-28 | N/A | 7.8 HIGH |
Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure. | |||||
CVE-2022-29083 | 1 Dell | 216 Chengming 3980, Chengming 3980 Firmware, Chengming 3990 and 213 more | 2024-02-28 | N/A | 6.8 MEDIUM |
Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system. | |||||
CVE-2022-31238 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | N/A | 5.5 MEDIUM |
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure. | |||||
CVE-2022-33921 | 1 Dell | 1 Geodrive | 2024-02-28 | N/A | 7.8 HIGH |
Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | |||||
CVE-2022-32486 | 1 Dell | 4 Bios, Precision 5820 Tower, Precision 7820 Tower and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
CVE-2020-35164 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-02-28 | 7.5 HIGH | 8.1 HIGH |
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | |||||
CVE-2022-34390 | 1 Dell | 4 Alienware Area-51 R4, Alienware Area-51 R4 Firmware, Alienware Area-51 R5 and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
CVE-2020-29506 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | |||||
CVE-2022-32481 | 1 Dell | 1 Powerprotect Cyber Recovery | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. | |||||
CVE-2022-34434 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2024-02-28 | N/A | 6.7 MEDIUM |
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | |||||
CVE-2022-33922 | 1 Dell | 1 Geodrive | 2024-02-28 | N/A | 7.8 HIGH |
Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity. | |||||
CVE-2022-33936 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity. |