Filtered by vendor Dell Subscriptions
Total 1052 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-2112 2 Dell, Fuji Xerox 19 3000cn, 3010cn, 3100cn and 16 more 2024-08-07 N/A
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.
CVE-2007-6755 1 Dell 2 Bsafe Crypto-c-micro-edition, Bsafe Crypto-j 2024-08-07 N/A
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
CVE-2007-4360 1 Dell 1 Remote Access Card 2024-08-07 N/A
Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability.
CVE-2007-3351 3 Dell, Microsoft, Sj Labs 3 Axim X3, Windows Mobile, Sjphone 2024-08-07 N/A
The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets.
CVE-2009-1120 1 Dell 1 Emc Replistor 2024-08-07 9.8 Critical
EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker.
CVE-2011-5169 1 Dell 1 Sonicwall Viewpoint 2024-08-07 N/A
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter.
CVE-2011-4048 1 Dell 1 Kace K2000 Systems Deployment Appliance 2024-08-06 N/A
The Dell KACE K2000 System Deployment Appliance has a default username and password for the read-only reporting account, which makes it easier for remote attackers to obtain sensitive information from the database by leveraging the default credentials.
CVE-2011-1672 1 Dell 1 Kace K2000 Systems Deployment Appliance 2024-08-06 N/A
The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password.
CVE-2011-0330 1 Dell 1 Dellsystemlite.scanner Activex Control 2024-08-06 N/A
The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software.
CVE-2011-0329 1 Dell 1 Dellsystemlite.scanner Activex Control 2024-08-06 N/A
Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter.
CVE-2012-4955 1 Dell 1 Openmanage Server Administrator 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3537 1 Dell 1 Crowbar 2024-08-06 N/A
The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.
CVE-2012-1843 2 Dell, Quantum 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more 2024-08-06 N/A
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."
CVE-2012-1844 3 Dell, Ibm, Quantum 9 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 6 more 2024-08-06 N/A
The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.
CVE-2012-1841 2 Dell, Quantum 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more 2024-08-06 N/A
Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter.
CVE-2012-1842 2 Dell, Quantum 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4783 1 Dell 1 Idrac6 Bmc 2024-08-06 N/A
The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."
CVE-2013-4785 1 Dell 1 Idrac6 Firmware 2024-08-06 N/A
The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."
CVE-2013-3606 1 Dell 3 Powerconnect 3348, Powerconnect 3524p, Powerconnect 5324 2024-08-06 N/A
The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username.
CVE-2013-3594 1 Dell 3 Powerconnect 3348, Powerconnect 3524p, Powerconnect 5324 2024-08-06 N/A
The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.