Filtered by vendor Dell
Subscriptions
Total
1056 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-22433 | 1 Dell | 1 Data Protection Search | 2024-08-19 | 8.8 High |
Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices. | ||||
CVE-2024-28962 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-08-19 | 6.5 Medium |
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | ||||
CVE-2024-22230 | 1 Dell | 1 Unity Operating Environment | 2024-08-19 | 6.4 Medium |
Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser. | ||||
CVE-2024-0168 | 1 Dell | 1 Unity Operating Environment | 2024-08-19 | 7.8 High |
Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges. | ||||
CVE-2024-32860 | 1 Dell | 45 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R11 and 42 more | 2024-08-16 | 7.5 High |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||||
CVE-2024-28964 | 1 Dell | 1 Common Event Enabler | 2024-08-16 | 7.8 High |
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file. | ||||
CVE-2023-44292 | 1 Dell | 1 Repository Manager | 2024-08-14 | 6.7 Medium |
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | ||||
CVE-2024-25949 | 1 Dell | 1 Networking Os10 | 2024-08-14 | 8.8 High |
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges. | ||||
CVE-2024-0169 | 1 Dell | 1 Unity Operating Environment | 2024-08-14 | 5.7 Medium |
Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
CVE-2024-37129 | 1 Dell | 6 Alienware Update, Command Update, Inventory Collector and 3 more | 2024-08-13 | 6.7 Medium |
Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system. | ||||
CVE-2023-39259 | 1 Dell | 1 Os Recovery Tool | 2024-08-12 | 7.3 High |
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | ||||
CVE-2024-37142 | 1 Dell | 1 Peripheral Manager | 2024-08-08 | 7.3 High |
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | ||||
CVE-2024-32857 | 1 Dell | 1 Peripheral Manager | 2024-08-08 | 7.3 High |
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | ||||
CVE-2024-38301 | 1 Dell | 1 Alienware Command Center | 2024-08-08 | 6.7 Medium |
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure. | ||||
CVE-2001-1105 | 2 Cisco, Dell | 2 Icdn, Bsafe Ssl-j | 2024-08-08 | N/A |
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. | ||||
CVE-2004-2359 | 1 Dell | 1 Truemobile 1300 Wlan Mini-pci Card Util Trayapplet | 2024-08-08 | N/A |
Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM privileges when started from the systray applet, which allows local users to gain privileges by accessing the Help functionality. | ||||
CVE-2004-0331 | 1 Dell | 1 Openmanage | 2024-08-08 | N/A |
Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable. | ||||
CVE-2004-0112 | 24 4d, Apple, Avaya and 21 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2024-08-08 | N/A |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | ||||
CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 67 Webstar, Mac Os X, Mac Os X Server and 64 more | 2024-08-08 | 7.5 High |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | ||||
CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 67 Webstar, Mac Os X, Mac Os X Server and 64 more | 2024-08-08 | N/A |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. |