Filtered by vendor Dell
Subscribe
Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5362 | 1 Dell | 708 Chengming 3967, Chengming 3967 Firmware, Chengming 3977 and 705 more | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. | |||||
| CVE-2020-5347 | 1 Dell | 1 Emc Isilon Onefs | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. | |||||
| CVE-2019-3762 | 1 Dell | 2 Emc Data Protection Central, Emc Integrated Data Protection Appliance | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data. | |||||
| CVE-2020-5363 | 1 Dell | 36 Latitude 5300, Latitude 5300 2-in-1, Latitude 5300 2-in-1 Firmware and 33 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive. | |||||
| CVE-2020-5330 | 1 Dell | 10 Pc5500, Pc5500 Firmware, R1-2210 and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints. | |||||
| CVE-2020-5358 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. | |||||
| CVE-2019-18578 | 1 Dell | 1 Xtremio Management Server | 2024-02-28 | 6.0 MEDIUM | 9.0 CRITICAL |
| Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2020-5328 | 1 Dell | 1 Emc Isilon Onefs | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. | |||||
| CVE-2019-3732 | 2 Dell, Emc | 3 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Rsa Bsafe Crypto-c | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | |||||
| CVE-2019-3745 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2024-02-28 | 6.9 MEDIUM | 7.3 HIGH |
| The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator. | |||||
| CVE-2020-5324 | 1 Dell | 226 G3 15 3590, G3 15 3590 Firmware, G3 3579 and 223 more | 2024-02-28 | 2.6 LOW | 4.4 MEDIUM |
| Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. | |||||
| CVE-2019-18579 | 1 Dell | 2 Xps 7390, Xps 7390 Firmware | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
| Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot. | |||||
| CVE-2020-5317 | 1 Dell | 1 Emc Elastic Cloud Storage | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2019-3730 | 1 Dell | 1 Bsafe Micro-edition-suite | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | |||||
| CVE-2019-3766 | 1 Dell | 1 Emc Elastic Cloud Storage | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts. | |||||
| CVE-2019-3731 | 1 Dell | 2 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | |||||
| CVE-2015-0949 | 2 Dell, Hp | 4 Latitude E6430, Latitude E6430 Firmware, Elitebook 850 G1 and 1 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory. | |||||
| CVE-2019-18575 | 1 Dell | 1 Command\|configure | 2024-02-28 | 6.6 MEDIUM | 7.1 HIGH |
| Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system. | |||||
| CVE-2019-3767 | 1 Dell | 1 Imageassist | 2024-02-28 | 1.9 LOW | 8.2 HIGH |
| Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. | |||||
| CVE-2019-3736 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2024-02-28 | 4.0 MEDIUM | 7.2 HIGH |
| Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user. | |||||