Dell

All CVEs

1,538 total · sorted by risk
  • CVE-2018-1207 · Critical · Mar 23, 2018
    risk 0.74 · cvss 9.8 · epss 0.91

    Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.

  • CVE-2018-1235 · Critical · May 29, 2018
    risk 0.70 · cvss 9.8 · epss 0.43

    Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with…

  • CVE-2016-9682 · Critical · Feb 22, 2017
    risk 0.69 · cvss 9.8 · epss 0.23

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out…

  • CVE-2017-17420 · Critical · Feb 8, 2018
    risk 0.68 · cvss 9.8 · epss 0.49

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method…

  • CVE-2017-17417 · Critical · Feb 8, 2018
    risk 0.68 · cvss 9.8 · epss 0.10

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method…

  • CVE-2016-9683 · Critical · Feb 22, 2017
    risk 0.68 · cvss 9.8 · epss 0.12

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for…

  • CVE-2016-9684 · Critical · Feb 22, 2017
    risk 0.67 · cvss 9.8 · epss 0.07

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL…

  • CVE-2018-1216 · Critical · Mar 8, 2018
    risk 0.65 · cvss 9.8 · epss 0.22

    A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance…

  • CVE-2017-8011 · Critical · Jul 17, 2017
    risk 0.65 · cvss 9.8 · epss 0.14

    EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for…

  • CVE-2016-2396 · Critical · Feb 17, 2016
    risk 0.65 · cvss 9.9 · epss 0.05

    The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.

  • CVE-2026-40636 · Critical · May 11, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for…

  • CVE-2018-11052 · Critical · Jul 3, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.

  • CVE-2018-1183 · Critical · Apr 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX…

  • CVE-2017-8013 · Critical · Mar 16, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with…

  • CVE-2017-17425 · Critical · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method…

  • CVE-2017-17424 · Critical · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests.…

  • CVE-2017-17423 · Critical · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method…

  • CVE-2017-17422 · Critical · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The…

  • CVE-2017-17421 · Critical · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method…

  • CVE-2017-17419 · Critical · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method…

  • CVE-2017-17418 · Critical · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The…

  • CVE-2017-17416 · Critical · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method…

  • CVE-2017-17415 · Critical · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count method…

  • CVE-2017-17414 · Critical · Feb 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests.…

  • CVE-2017-14374 · Critical · Dec 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and…

  • CVE-2017-14375 · Critical · Nov 1, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including…

  • CVE-2017-8021 · Critical · Oct 3, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

  • CVE-2017-4997 · Critical · Jun 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2015-7273 · Critical · Apr 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.

  • CVE-2015-7272 · Critical · Apr 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.

  • CVE-2015-7271 · Critical · Apr 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.

  • CVE-2016-6646 · Critical · Oct 5, 2016
    risk 0.64 · cvss 9.8 · epss 0.05

    The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler…

  • CVE-2016-0912 · Critical · Jun 19, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation.

  • CVE-2016-0889 · Critical · Apr 15, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.

  • CVE-2016-2397 · Critical · Feb 17, 2016
    risk 0.64 · cvss 9.8 · epss 0.06

    The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.

  • CVE-2015-0537 · Critical · Aug 20, 2015
    risk 0.64 · cvss 9.8 · epss 0.03

    Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to…

  • CVE-2018-1213 · High · Mar 26, 2018
    risk 0.60 · cvss 8.8 · epss 0.02

    Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send…

  • CVE-2024-3411 · Critical · Apr 30, 2024
    risk 0.59 · cvss 9.1 · epss 0.01

    Implementations of IPMI Authenticated sessions do not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC…

  • CVE-2018-1212 · High · Jul 2, 2018
    risk 0.58 · cvss 8.8 · epss 0.04

    The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this…

  • CVE-2024-24909 · High · Jun 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run…

  • CVE-2026-26944 · High · Apr 20, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access…

  • CVE-2025-36553 · High · Nov 17, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an API call to trigger…

  • CVE-2025-32089 · High · Nov 17, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to arbitrary code execution. An attacker can issue an API call…

  • CVE-2025-31649 · High · Nov 17, 2025
    risk 0.57 · cvss 8.7 · epss 0.00

    A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execution of a privileged operation. An attacker can…

  • CVE-2025-31361 · High · Nov 17, 2025
    risk 0.57 · cvss 8.7 · epss 0.00

    A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An…

  • CVE-2025-25215 · High · Jun 13, 2025
    risk 0.57 · cvss 8.8 · epss 0.02

    An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to…

  • CVE-2025-25050 · High · Jun 13, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can…

  • CVE-2025-24922 · High · Jun 13, 2025
    risk 0.57 · cvss 8.8 · epss 0.02

    A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to arbitrary code execution. An attacker…

  • CVE-2018-15748 · High · Aug 23, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the…

  • CVE-2018-1241 · High · May 29, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain…

Page 1 of 31