Filtered by vendor Dell
Total: 1013 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22552 | 1 Dell | 1 Emc Appsync | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations. | |||||
CVE-2021-21561 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. | |||||
CVE-2021-36286 | 1 Dell | 1 Supportassist Client Consumer | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows NTFS feature called symbolic links. Symbolic links can be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as an NTFS junction point, allows for exploitation. The SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction, which allows non-privileged users to create junction points and delete arbitrary files on the system that can be accessed only by the admin. | |||||
CVE-2021-36349 | 1 Dell | 1 Emc Data Protection Central | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts. | |||||
CVE-2021-36312 | 1 Dell | 1 Cloudlink | 2024-02-28 | 8.5 HIGH | 9.1 CRITICAL |
Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system. | |||||
CVE-2021-36346 | 1 Dell | 2 Integrated Dell Remote Access Controller 8, Integrated Dell Remote Access Controller 8 Firmware | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Dell iDRAC 8 prior to version 2.82.82.82 contains a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver. | |||||
CVE-2022-22553 | 1 Dell | 1 Emc Appsync | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. | |||||
CVE-2021-36336 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. | |||||
CVE-2021-21569 | 1 Dell | 1 Emc Networker | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
Dell NetWorker versions 18.x and 19.x contain a path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | |||||
CVE-2022-22551 | 1 Dell | 1 Emc Appsync | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
Dell EMC AppSync versions 3.9 to 4.3 use the GET request method with sensitive query strings. An adjacent, unauthenticated attacker could potentially exploit this vulnerability and hijack the victim's session. | |||||
CVE-2021-36334 | 1 Dell | 1 Emc Cloud Link | 2024-02-28 | 6.0 MEDIUM | 6.8 MEDIUM |
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula injection vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to arbitrary code execution on the end user's machine. | |||||
CVE-2021-36299 | 1 Dell | 1 Emc Idrac9 Firmware | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. | |||||
CVE-2021-36310 | 1 Dell | 1 Networking Os10 | 2024-02-28 | 6.8 MEDIUM | 4.9 MEDIUM |
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. | |||||
CVE-2021-36340 | 1 Dell | 1 Emc Secure Connect Gateway | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. | |||||
CVE-2021-36328 | 1 Dell | 1 Emc Streaming Data Platform | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. | |||||
CVE-2021-36311 | 1 Dell | 1 Emc Networker | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload a malicious file to unauthorized locations and execute it. | |||||
CVE-2021-36301 | 1 Dell | 2 Emc Idrac8 Firmware, Emc Idrac9 Firmware | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system. | |||||
CVE-2021-36343 | 1 Dell | 668 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 665 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
CVE-2021-36322 | 1 Dell | 18 X1008, X1008 Firmware, X1008p and 15 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. | |||||
CVE-2021-36327 | 1 Dell | 1 Emc Streaming Data Platform | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. |