Filtered by vendor Dell
Subscribe
Total
1013 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21537 | 1 Dell | 1 Hybrid Client | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system. | |||||
CVE-2020-5351 | 1 Dell | 1 Emc Data Protection Advisor | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privileges. | |||||
CVE-2021-21542 | 1 Dell | 1 Idrac9 Firmware | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
CVE-2021-36281 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. | |||||
CVE-2021-21576 | 1 Dell | 1 Emc Idrac9 Firmware | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | |||||
CVE-2021-21572 | 1 Dell | 256 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3990 and 253 more | 2024-02-28 | 6.9 MEDIUM | 7.5 HIGH |
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | |||||
CVE-2021-21577 | 1 Dell | 1 Emc Idrac9 Firmware | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | |||||
CVE-2021-21529 | 1 Dell | 1 System Update | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. | |||||
CVE-2021-21573 | 1 Dell | 256 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3990 and 253 more | 2024-02-28 | 6.9 MEDIUM | 7.5 HIGH |
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. | |||||
CVE-2021-21545 | 1 Dell | 1 Peripheral Manager | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user. | |||||
CVE-2021-21557 | 1 Dell | 62 Poweredge C4140, Poweredge C4140 Firmware, Poweredge C6420 and 59 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode. | |||||
CVE-2020-5341 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system. | |||||
CVE-2020-5353 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system. | |||||
CVE-2021-36276 | 1 Dell | 1 Dbutildrv2.sys Firmware | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. | |||||
CVE-2021-21579 | 1 Dell | 1 Emc Idrac9 Firmware | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. | |||||
CVE-2021-21580 | 1 Dell | 2 Emc Idrac8 Firmware, Emc Idrac9 Firmware | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate. | |||||
CVE-2021-36279 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. | |||||
CVE-2021-21564 | 1 Dell | 1 Openmanage Enterprise | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | |||||
CVE-2020-26180 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols. | |||||
CVE-2021-21559 | 1 Dell | 1 Emc Networker | 2024-02-28 | 2.9 LOW | 5.3 MEDIUM |
Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server. |