Filtered by vendor Dell
Subscribe
Total
1013 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11069 | 1 Dell | 1 Bsafe Ssl-j | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. | |||||
CVE-2018-11062 | 1 Dell | 1 Emc Integrated Data Protection Appliance | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files. | |||||
CVE-2018-15773 | 1 Dell | 1 Data Protection \| Encryption | 2024-02-28 | 4.9 MEDIUM | 4.3 MEDIUM |
Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files. | |||||
CVE-2018-11057 | 2 Dell, Oracle | 12 Bsafe, Application Testing Suite, Communications Analytics and 9 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. | |||||
CVE-2018-11048 | 1 Dell | 2 Emc Data Protection Advisor, Emc Integrated Data Protection Appliance | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request. | |||||
CVE-2018-11078 | 1 Dell | 1 Emc Vplex Geosynchrony | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic. | |||||
CVE-2018-15767 | 1 Dell | 1 Openmanage Network Manager | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. | |||||
CVE-2018-11054 | 2 Dell, Oracle | 12 Bsafe, Application Testing Suite, Communications Analytics and 9 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. | |||||
CVE-2018-11055 | 2 Dell, Oracle | 12 Bsafe, Application Testing Suite, Communications Analytics and 9 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. | |||||
CVE-2018-11076 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users. | |||||
CVE-2018-11066 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. | |||||
CVE-2018-11077 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. | |||||
CVE-2018-11064 | 1 Dell | 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability. | |||||
CVE-2018-15766 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified. | |||||
CVE-2018-11067 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
CVE-2018-11068 | 1 Dell | 1 Bsafe Ssl-j | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. | |||||
CVE-2018-11056 | 2 Dell, Oracle | 13 Bsafe, Bsafe Crypto-c, Application Testing Suite and 10 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service. | |||||
CVE-2019-3704 | 1 Dell | 2 Emc Vnx2, Emc Vnx2 Firmware | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability. | |||||
CVE-2018-1251 | 1 Dell | 3 Emc Unity, Emc Unity Firmware, Emc Unityvsa | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. Attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected. | |||||
CVE-2018-15776 | 1 Dell | 2 Idrac7 Firmware, Idrac8 Firmware | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. |