Filtered by vendor Dell Subscriptions
Total 1056 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-43076 1 Dell 1 Powerscale Onefs 2024-09-05 6.5 Medium
Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition.
CVE-2024-38482 1 Dell 1 Cloudlink 2024-09-05 6.6 Medium
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.
CVE-2024-39579 1 Dell 1 Powerscale Onefs 2024-09-03 6.7 Medium
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.
CVE-2024-39578 1 Dell 1 Powerscale Onefs 2024-09-03 6.3 Medium
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.
CVE-2024-28972 1 Dell 1 Insightiq 2024-09-03 5.9 Medium
Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure.
CVE-2023-44282 1 Dell 1 Repository Manager 2024-08-29 6.7 Medium
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.
CVE-2024-22432 1 Dell 1 Networker 2024-08-29 7.8 High
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.
CVE-2023-43078 1 Dell 322 Alienware M15 R6 Firmware, Alienware M15 R7 Firmware, Alienware M16 R1 Firmware and 319 more 2024-08-28 6.7 Medium
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
CVE-2024-39584 1 Dell 7 Alienware Area 51m R2 Firmware, Alienware Aurora R15 Amd Firmware, Alienware M15 R3 Firmware and 4 more 2024-08-28 8.2 High
Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
CVE-2024-37127 1 Dell 1 Peripheral Manager 2024-08-27 7.8 High
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege
CVE-2024-22229 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2024-08-23 3.1 Low
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.
CVE-2023-22576 1 Dell 1 Repository Manager 2024-08-23 7 High
Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.
CVE-2023-32479 2 Dell, Microsoft 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more 2024-08-22 6.7 Medium
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.
CVE-2023-28049 1 Dell 1 Command \| Monitor 2024-08-22 4.7 Medium
Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.
CVE-2024-22445 1 Dell 1 Powerprotect Data Manager 2024-08-22 7.2 High
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
CVE-2024-39576 1 Dell 1 Power Manager 2024-08-22 8.8 High
Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
CVE-2024-38305 1 Dell 1 Supportassist For Home Pcs 2024-08-21 7.3 High
Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges.
CVE-2024-28979 1 Dell 1 Openmanage Enterprise 2024-08-20 5.1 Medium
Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
CVE-2023-28074 1 Dell 2 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite 2024-08-20 6.2 Medium
Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2024-7922 2 Dell, Dlink 60 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 57 more 2024-08-20 6.3 Medium
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_audio_search/cgi_create_playlist/cgi_get_album_all_tracks/cgi_get_alltracks_editlist/cgi_get_artist_all_album/cgi_get_genre_all_tracks/cgi_get_tracks_list/cgi_set_airplay_content/cgi_write_playlist of the file /cgi-bin/myMusic.cgi. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.