Filtered by vendor Dell Subscriptions
Total 1058 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-5363 1 Dell 36 Latitude 5300, Latitude 5300 2-in-1, Latitude 5300 2-in-1 Firmware and 33 more 2024-11-21 8.6 High
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
CVE-2020-5362 1 Dell 708 Chengming 3967, Chengming 3967 Firmware, Chengming 3977 and 705 more 2024-11-21 7.1 High
Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.
CVE-2020-5361 1 Dell 1 Cpg Bios 2024-11-21 5.1 Medium
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.
CVE-2020-5360 2 Dell, Oracle 5 Bsafe Micro-edition-suite, Database, Http Server and 2 more 2024-11-21 7.5 High
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.
CVE-2020-5359 2 Dell, Oracle 3 Bsafe Micro-edition-suite, Database, Weblogic Server Proxy Plug-in 2024-11-21 5.8 Medium
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.
CVE-2020-5358 1 Dell 2 Encryption, Endpoint Security Suite Enterprise 2024-11-21 6.7 Medium
Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.
CVE-2020-5357 1 Dell 8 Dock Wd15, Dock Wd15 Firmware, Dock Wd19 and 5 more 2024-11-21 7.1 High
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.
CVE-2020-5356 1 Dell 3 Powerprotect Data Manager, Powerprotect X400, Powerprotect X400 Firmware 2024-11-21 7.7 High
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.
CVE-2020-5355 1 Dell 1 Emc Isilon Onefs 2024-11-21 4.3 Medium
The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.
CVE-2020-5353 1 Dell 2 Emc Isilon Onefs, Emc Powerscale Onefs 2024-11-21 8.8 High
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.
CVE-2020-5352 1 Dell 1 Emc Data Protection Advisor 2024-11-21 8.8 High
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system.
CVE-2020-5351 1 Dell 1 Emc Data Protection Advisor 2024-11-21 7.5 High
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privileges.
CVE-2020-5350 1 Dell 1 Emc Integrated Data Protection Appliance 2024-11-21 7.9 High
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.
CVE-2020-5349 1 Dell 13 Emc Powerswitch S4112f-on, Emc Powerswitch S4112t-on, Emc Powerswitch S4128f-on and 10 more 2024-11-21 9.8 Critical
Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnerability and gain administrative privileges.
CVE-2020-5348 1 Dell 2 Latitude 7202, Latitude 7202 Firmware 2024-11-21 6.8 Medium
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.
CVE-2020-5347 1 Dell 1 Emc Isilon Onefs 2024-11-21 5.3 Medium
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
CVE-2020-5345 1 Dell 3 Emc Unisphere For Powermax, Emc Unisphere For Powermax Virtual Appliance, Powermax Os 2024-11-21 6.4 Medium
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.
CVE-2020-5344 1 Dell 6 Idrac7, Idrac7 Firmware, Idrac8 and 3 more 2024-11-21 7 High
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
CVE-2020-5343 1 Dell 1 Os Recovery Image For Microsoft Windows 10 2024-11-21 7.3 High
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.
CVE-2020-5342 1 Dell 1 Digital Delivery 2024-11-21 7.8 High
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.