Dell

All CVEs

1,538 total · sorted by risk
  • CVE-2024-29177 · Jun 26, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed…

  • CVE-2024-29176 · Jun 26, 2024
    risk 0.00 · cvss · epss 0.01

    Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

  • CVE-2024-28973 · Jun 26, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript…

  • CVE-2024-0171 · Jun 25, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerEdge Server BIOS contains a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

  • CVE-2024-32855 · Jun 25, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

  • CVE-2024-29169 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend…

  • CVE-2024-29168 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's…

  • CVE-2024-28969 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution…

  • CVE-2024-28968 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability,…

  • CVE-2024-28967 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the…

  • CVE-2024-28966 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution…

  • CVE-2024-28965 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution…

  • CVE-2024-37131 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of…

  • CVE-2024-32860 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

  • CVE-2024-32858 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

  • CVE-2024-32859 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

  • CVE-2024-32856 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

  • CVE-2024-30472 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.01

    Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.

  • CVE-2024-28964 · Jun 12, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user.…

  • CVE-2024-25949 · Jun 12, 2024
    risk 0.00 · cvss · epss 0.00

    Dell OS10 Networking Switches, versions 10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x, contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges.

  • CVE-2024-28970 · Jun 12, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.

  • CVE-2024-0160 · Jun 12, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

  • CVE-2024-37130 · Jun 11, 2024
    risk 0.00 · cvss · epss 0.00

    Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain…

  • CVE-2023-32475 · Jun 7, 2024
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.

  • CVE-2024-29170 · Jun 4, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service.

  • CVE-2024-28974 · May 29, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

  • CVE-2020-35165 · May 22, 2024
    risk 0.00 · cvss · epss 0.00

    Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

  • CVE-2024-22429 · May 17, 2024
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

  • CVE-2024-25969 · May 14, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2024-25965 · May 14, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2024-25966 · May 14, 2024
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2024-25970 · May 14, 2024
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to loss of integrity.

  • CVE-2024-25967 · May 14, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

  • CVE-2024-25968 · May 14, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

  • CVE-2024-22460 · May 8, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.

  • CVE-2024-24908 · May 8, 2024
    risk 0.00 · cvss · epss 0.01

    Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to delete arbitrary files stored on the server filesystem.

  • CVE-2024-28971 · May 8, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be…

  • CVE-2024-28979 · May 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script…

  • CVE-2024-28978 · May 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.

  • CVE-2024-28961 · Apr 29, 2024
    risk 0.00 · cvss · epss 0.00

    Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This…

  • CVE-2024-28977 · Apr 24, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Repository Manager, versions 3.4.2 through 3.4.4, contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with…

  • CVE-2024-28976 · Apr 24, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the…

  • CVE-2024-28963 · Apr 24, 2024
    risk 0.00 · cvss · epss 0.00

    Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information.

  • CVE-2024-0157 · Apr 12, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.

  • CVE-2024-22448 · Apr 10, 2024
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2024-22450 · Apr 10, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.

  • CVE-2024-0159 · Apr 10, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system.

  • CVE-2024-0172 · Apr 3, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

  • CVE-2024-25944 · Mar 29, 2024
    risk 0.00 · cvss · epss 0.01

    Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running…

  • CVE-2024-25955 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.01

    Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
