Filtered by vendor Dell
Subscribe
Total
1046 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21527 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.2 HIGH | 6.0 MEDIUM |
| Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | |||||
| CVE-2021-21526 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 7.2 HIGH | 6.0 MEDIUM |
| Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root. | |||||
| CVE-2021-21524 | 1 Dell | 2 Storage Monitoring And Reporting, Storage Resource Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers. | |||||
| CVE-2021-21522 | 1 Dell | 56 Latitude 5285 2-in-1, Latitude 5285 2-in-1 Firmware, Latitude 5289 2-in-1 and 53 more | 2024-11-21 | 2.1 LOW | 8.2 HIGH |
| Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface. | |||||
| CVE-2021-21518 | 1 Dell | 3 Supportassist Client Promanage, Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. | |||||
| CVE-2021-21517 | 1 Dell | 1 Emc Srs Policy Manager | 2024-11-21 | 6.4 MEDIUM | 7.2 HIGH |
| SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service. | |||||
| CVE-2021-21515 | 1 Dell | 1 Emc Sourceone | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server. | |||||
| CVE-2021-21514 | 1 Dell | 1 Openmanage Server Administrator | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. | |||||
| CVE-2021-21513 | 1 Dell | 1 Openmanage Server Administrator | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. | |||||
| CVE-2021-21512 | 1 Dell | 1 Emc Powerprotect Cyber Recovery | 2024-11-21 | 3.6 LOW | 7.9 HIGH |
| Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. | |||||
| CVE-2021-21511 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data. | |||||
| CVE-2021-21510 | 1 Dell | 1 Idrac8 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections. | |||||
| CVE-2021-21507 | 1 Dell | 22 R1-2210, R1-2210 Firmware, R1-2401 and 19 more | 2024-11-21 | 5.0 MEDIUM | 8.8 HIGH |
| Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | |||||
| CVE-2021-21506 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation. | |||||
| CVE-2021-21505 | 1 Dell | 2 Emc Integrated System For Microsoft Azure Stack Hub, Emc Integrated System For Microsoft Azure Stack Hub Firmware | 2024-11-21 | 10.0 HIGH | 8.0 HIGH |
| Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges. | |||||
| CVE-2021-21503 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation. | |||||
| CVE-2021-21502 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity. | |||||
| CVE-2020-5389 | 1 Dell | 1 Emc Openmanage Integration For Microsoft System Center | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSCC users may be able to retrieve sensitive information from the logs. | |||||
| CVE-2020-5388 | 1 Dell | 2 Inspiron 15 7579, Inspiron 15 7579 Firmware | 2024-11-21 | 4.4 MEDIUM | 6.9 MEDIUM |
| Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
| CVE-2020-5387 | 1 Dell | 2 Xps 13 9370, Xps 13 9370 Firmware | 2024-11-21 | 4.9 MEDIUM | 2.3 LOW |
| Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. | |||||