Filtered by vendor Dell
Subscribe
Total
960 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5364 | 1 Dell | 1 Emc Isilon Onefs | 2020-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. | |||||
| CVE-2020-5343 | 1 Dell | 1 Os Recovery Image For Microsoft Windows 10 | 2020-05-08 | 7.2 HIGH | 7.8 HIGH |
| Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder. | |||||
| CVE-2020-5350 | 1 Dell | 1 Emc Integrated Data Protection Appliance | 2020-04-23 | 9.0 HIGH | 7.2 HIGH |
| Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component. | |||||
| CVE-2020-5348 | 1 Dell | 2 Latitude 7202, Latitude 7202 Firmware | 2020-04-06 | 7.2 HIGH | 7.8 HIGH |
| Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode. | |||||
| CVE-2020-5347 | 1 Dell | 1 Emc Isilon Onefs | 2020-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. | |||||
| CVE-2020-5344 | 1 Dell | 6 Idrac7, Idrac7 Firmware, Idrac8 and 3 more | 2020-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data. | |||||
| CVE-2019-3762 | 1 Dell | 2 Emc Data Protection Central, Emc Integrated Data Protection Appliance | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data. | |||||
| CVE-2019-18581 | 1 Dell | 6 Emc Data Protection Advisor, Emc Idpa Dp4400, Emc Idpa Dp5800 and 3 more | 2020-03-24 | 9.0 HIGH | 7.2 HIGH |
| Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system. | |||||
| CVE-2019-18582 | 1 Dell | 6 Emc Data Protection Advisor, Emc Idpa Dp4400, Emc Idpa Dp5800 and 3 more | 2020-03-24 | 9.0 HIGH | 7.2 HIGH |
| Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system. | |||||
| CVE-2019-18576 | 1 Dell | 1 Xtremio Management Server | 2020-03-18 | 2.1 LOW | 6.7 MEDIUM |
| Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. | |||||
| CVE-2019-18577 | 1 Dell | 1 Xtremio Management Server | 2020-03-18 | 7.2 HIGH | 6.7 MEDIUM |
| Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access. | |||||
| CVE-2019-18578 | 1 Dell | 1 Xtremio Management Server | 2020-03-18 | 6.0 MEDIUM | 9.0 CRITICAL |
| Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2019-3769 | 1 Dell | 1 Wyse Management Suite | 2020-03-18 | 3.5 LOW | 6.4 MEDIUM |
| Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2019-3770 | 1 Dell | 1 Wyse Management Suite | 2020-03-18 | 3.5 LOW | 6.4 MEDIUM |
| Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2020-5342 | 1 Dell | 1 Digital Delivery | 2020-03-10 | 7.2 HIGH | 7.8 HIGH |
| Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system. | |||||
| CVE-2020-5327 | 1 Dell | 1 Security Management Server | 2020-03-09 | 9.3 HIGH | 9.8 CRITICAL |
| Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. | |||||
| CVE-2020-5328 | 1 Dell | 1 Emc Isilon Onefs | 2020-03-09 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. | |||||
| CVE-2020-5326 | 1 Dell | 348 Chengming 3980, Chengming 3980 Firmware, Embedded Box Pc 5000 and 345 more | 2020-03-03 | 2.1 LOW | 5.3 MEDIUM |
| Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. | |||||
| CVE-2020-5317 | 1 Dell | 1 Emc Elastic Cloud Storage | 2020-02-12 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2020-5319 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment | 2020-02-12 | 7.8 HIGH | 7.5 HIGH |
| Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence. | |||||