Filtered by vendor Dell Subscriptions
Total 1058 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-15778 1 Dell 1 Networking Os10 2024-11-21 N/A
Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).
CVE-2018-15776 1 Dell 2 Idrac7 Firmware, Idrac8 Firmware 2024-11-21 N/A
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
CVE-2018-15774 1 Dell 3 Idrac7 Firmware, Idrac8 Firmware, Idrac9 Firmware 2024-11-21 N/A
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
CVE-2018-15773 1 Dell 1 Data Protection \| Encryption 2024-11-21 N/A
Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files.
CVE-2018-15772 1 Dell 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines 2024-11-21 N/A
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.
CVE-2018-15769 2 Dell, Oracle 12 Bsafe, Application Testing Suite, Communications Analytics and 9 more 2024-11-21 7.5 High
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.
CVE-2018-15768 1 Dell 1 Openmanage Network Manager 2024-11-21 N/A
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.
CVE-2018-15767 1 Dell 1 Openmanage Network Manager 2024-11-21 N/A
The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.
CVE-2018-15766 1 Dell 2 Encryption, Endpoint Security Suite Enterprise 2024-11-21 N/A
On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified.
CVE-2018-15765 1 Dell 1 Emc Secure Remote Services 2024-11-21 N/A
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.
CVE-2018-15748 1 Dell 4 2335dn, 2335dn Engine Firmware, 2335dn Network Firmware and 1 more 2024-11-21 N/A
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product.
CVE-2018-11078 1 Dell 1 Emc Vplex Geosynchrony 2024-11-21 N/A
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.
CVE-2018-11077 2 Dell, Vmware 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection 2024-11-21 N/A
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
CVE-2018-11076 2 Dell, Vmware 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection 2024-11-21 N/A
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
CVE-2018-11072 1 Dell 1 Digital Delivery 2024-11-21 N/A
Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.
CVE-2018-11070 1 Dell 2 Bsafe Crypto-j, Rsa Bsafe Ssl-j 2024-11-21 5.9 Medium
RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.
CVE-2018-11069 1 Dell 1 Bsafe Ssl-j 2024-11-21 5.9 Medium
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
CVE-2018-11068 1 Dell 1 Bsafe Ssl-j 2024-11-21 4.6 Medium
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.
CVE-2018-11067 2 Dell, Vmware 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection 2024-11-21 N/A
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
CVE-2018-11066 2 Dell, Vmware 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection 2024-11-21 N/A
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.