Filtered by vendor Dell
Subscriptions
Total
1057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32451 | 1 Dell | 1 Display Manager | 2024-11-07 | 7.3 High |
| Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation | ||||
| CVE-2023-28071 | 2 Dell, Microsoft | 4 Alienware Update, Command Update, Update and 1 more | 2024-11-07 | 6.3 Medium |
| Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). | ||||
| CVE-2023-28064 | 1 Dell | 140 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 137 more | 2024-11-07 | 3.5 Low |
| Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2023-44296 | 1 Dell | 1 E-lab Navigator | 2024-11-01 | 8.4 High |
| Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information. | ||||
| CVE-2024-47481 | 1 Dell | 1 Data Lakehouse | 2024-10-31 | 6.5 Medium |
| Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service. | ||||
| CVE-2024-47483 | 1 Dell | 1 Data Lakehouse | 2024-10-31 | 2.9 Low |
| Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2024-22455 | 1 Dell | 1 E-lab Navigator | 2024-10-30 | 4.4 Medium |
| Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks. | ||||
| CVE-2024-29176 | 1 Dell | 11 Apex Protection Storage, Data Domain Operating System, Dd3300 and 8 more | 2024-10-30 | 8.8 High |
| Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2023-32475 | 1 Dell | 80 Alienware Aurora R10, Alienware Aurora R10 Firmware, Alienware Aurora R15 Amd and 77 more | 2024-10-29 | 7.6 High |
| Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system. | ||||
| CVE-2023-32476 | 1 Dell | 1 Hybrid Client | 2024-10-24 | 6.4 Medium |
| Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files. | ||||
| CVE-2024-47240 | 1 Dell | 1 Secure Connect Gateway | 2024-10-22 | 5.5 Medium |
| Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition. | ||||
| CVE-2023-32468 | 1 Dell | 1 Ecs Streamer | 2024-10-21 | 5.8 Medium |
| Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data. | ||||
| CVE-2023-32478 | 1 Dell | 1 Powerstoreos | 2024-10-21 | 9 Critical |
| Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure. | ||||
| CVE-2024-45766 | 1 Dell | 1 Openmanage Enterprise | 2024-10-18 | 8 High |
| Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2024-45767 | 1 Dell | 1 Openmanage Enterprise | 2024-10-18 | 4.3 Medium |
| Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2023-44294 | 1 Dell | 1 Secure Connect Gateway | 2024-10-17 | 5.4 Medium |
| In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | ||||
| CVE-2023-44293 | 1 Dell | 1 Secure Connect Gateway | 2024-10-17 | 5.4 Medium |
| In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | ||||
| CVE-2024-39586 | 1 Dell | 1 Emc Appsync | 2024-10-17 | 2.9 Low |
| Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2023-44283 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-10-17 | 7.8 High |
| In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC. | ||||
| CVE-2023-39249 | 1 Dell | 1 Supportassist For Home Pcs | 2024-10-17 | 6.3 Medium |
| Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. | ||||