Filtered by vendor Dell
Subscribe
Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5360 | 2 Dell, Oracle | 5 Bsafe Micro-edition-suite, Database, Http Server and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. | |||||
| CVE-2020-29500 | 1 Dell | 2 Emc Powerstore, Emc Powerstore Firmware | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2020-5388 | 1 Dell | 2 Inspiron 15 7579, Inspiron 15 7579 Firmware | 2024-02-28 | 4.4 MEDIUM | 6.9 MEDIUM |
| Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
| CVE-2020-5387 | 1 Dell | 2 Xps 13 9370, Xps 13 9370 Firmware | 2024-02-28 | 4.9 MEDIUM | 4.4 MEDIUM |
| Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. | |||||
| CVE-2020-26195 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. | |||||
| CVE-2021-21512 | 1 Dell | 1 Emc Powerprotect Cyber Recovery | 2024-02-28 | 3.6 LOW | 6.0 MEDIUM |
| Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. | |||||
| CVE-2020-29491 | 1 Dell | 8 Wyse 3040, Wyse 5010, Wyse 5040 and 5 more | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
| Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients. | |||||
| CVE-2020-26193 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | |||||
| CVE-2021-21502 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity. | |||||
| CVE-2020-26183 | 1 Dell | 1 Emc Networker | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner. | |||||
| CVE-2020-35170 | 1 Dell | 2 Powermax Os, Unisphere | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users’ sessions. | |||||
| CVE-2021-21513 | 1 Dell | 1 Openmanage Server Administrator | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. | |||||
| CVE-2020-29496 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
| Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2020-26181 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges. | |||||
| CVE-2020-29498 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
| CVE-2020-26182 | 1 Dell | 1 Emc Networker | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. | |||||
| CVE-2020-26194 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default. | |||||
| CVE-2020-29497 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2021-21514 | 1 Dell | 1 Openmanage Server Administrator | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. | |||||
| CVE-2020-29493 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity. | |||||