Vendor CVEs
Dell
All CVEs
1,538 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29177 | 0.00 | — | 0.00 | Jun 26, 2024 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed… | |||
| CVE-2024-29176 | 0.00 | — | 0.01 | Jun 26, 2024 | Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | |||
| CVE-2024-28973 | 0.00 | — | 0.00 | Jun 26, 2024 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript… | |||
| CVE-2024-0171 | 0.00 | — | 0.00 | Jun 25, 2024 | Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. | |||
| CVE-2024-32855 | 0.00 | — | 0.00 | Jun 25, 2024 | Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | |||
| CVE-2024-29169 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend… | |||
| CVE-2024-29168 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's… | |||
| CVE-2024-28969 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution… | |||
| CVE-2024-28968 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability,… | |||
| CVE-2024-28967 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the… | |||
| CVE-2024-28966 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution… | |||
| CVE-2024-28965 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution… | |||
| CVE-2024-37131 | 0.00 | — | 0.00 | Jun 13, 2024 | SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of… | |||
| CVE-2024-32860 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||
| CVE-2024-32858 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||
| CVE-2024-32859 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||
| CVE-2024-32856 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | |||
| CVE-2024-30472 | 0.00 | — | 0.01 | Jun 13, 2024 | Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure. | |||
| CVE-2024-28964 | 0.00 | — | 0.00 | Jun 12, 2024 | Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user.… | |||
| CVE-2024-25949 | 0.00 | — | 0.00 | Jun 12, 2024 | Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges. | |||
| CVE-2024-28970 | 0.00 | — | 0.00 | Jun 12, 2024 | Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. | |||
| CVE-2024-0160 | 0.00 | — | 0.00 | Jun 12, 2024 | Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS. | |||
| CVE-2024-37130 | 0.00 | — | 0.00 | Jun 11, 2024 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain… | |||
| CVE-2023-32475 | 0.00 | — | 0.00 | Jun 7, 2024 | Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system. | |||
| CVE-2024-29170 | 0.00 | — | 0.00 | Jun 4, 2024 | Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service. | |||
| CVE-2024-28974 | 0.00 | — | 0.00 | May 29, 2024 | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | |||
| CVE-2020-35165 | 0.00 | — | 0.00 | May 22, 2024 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | |||
| CVE-2024-22429 | 0.00 | — | 0.00 | May 17, 2024 | Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution. | |||
| CVE-2024-25969 | 0.00 | — | 0.00 | May 14, 2024 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | |||
| CVE-2024-25965 | 0.00 | — | 0.00 | May 14, 2024 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service. | |||
| CVE-2024-25966 | 0.00 | — | 0.01 | May 14, 2024 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | |||
| CVE-2024-25970 | 0.00 | — | 0.01 | May 14, 2024 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to loss of integrity. | |||
| CVE-2024-25967 | 0.00 | — | 0.00 | May 14, 2024 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | |||
| CVE-2024-25968 | 0.00 | — | 0.00 | May 14, 2024 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | |||
| CVE-2024-22460 | 0.00 | — | 0.00 | May 8, 2024 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | |||
| CVE-2024-24908 | 0.00 | — | 0.01 | May 8, 2024 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem. | |||
| CVE-2024-28971 | 0.00 | — | 0.00 | May 8, 2024 | Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be… | |||
| CVE-2024-28979 | 0.00 | — | 0.00 | May 1, 2024 | Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script… | |||
| CVE-2024-28978 | 0.00 | — | 0.00 | May 1, 2024 | Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources. | |||
| CVE-2024-28961 | 0.00 | — | 0.00 | Apr 29, 2024 | Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This… | |||
| CVE-2024-28977 | 0.00 | — | 0.00 | Apr 24, 2024 | Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with… | |||
| CVE-2024-28976 | 0.00 | — | 0.00 | Apr 24, 2024 | Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the… | |||
| CVE-2024-28963 | 0.00 | — | 0.00 | Apr 24, 2024 | Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. | |||
| CVE-2024-0157 | 0.00 | — | 0.00 | Apr 12, 2024 | Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session. | |||
| CVE-2024-22448 | 0.00 | — | 0.00 | Apr 10, 2024 | Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | |||
| CVE-2024-22450 | 0.00 | — | 0.00 | Apr 10, 2024 | Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. | |||
| CVE-2024-0159 | 0.00 | — | 0.00 | Apr 10, 2024 | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. | |||
| CVE-2024-0172 | 0.00 | — | 0.00 | Apr 3, 2024 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. | |||
| CVE-2024-25944 | 0.00 | — | 0.01 | Mar 29, 2024 | Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running… | |||
| CVE-2024-25955 | 0.00 | — | 0.01 | Mar 28, 2024 | Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. |
- CVE-2024-29177Jun 26, 2024risk 0.00cvss —epss 0.00
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed…
- CVE-2024-29176Jun 26, 2024risk 0.00cvss —epss 0.01
Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
- CVE-2024-28973Jun 26, 2024risk 0.00cvss —epss 0.00
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript…
- CVE-2024-0171Jun 25, 2024risk 0.00cvss —epss 0.00
Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.
- CVE-2024-32855Jun 25, 2024risk 0.00cvss —epss 0.00
Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
- CVE-2024-29169Jun 13, 2024risk 0.00cvss —epss 0.00
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend…
- CVE-2024-29168Jun 13, 2024risk 0.00cvss —epss 0.00
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's…
- CVE-2024-28969Jun 13, 2024risk 0.00cvss —epss 0.00
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution…
- CVE-2024-28968Jun 13, 2024risk 0.00cvss —epss 0.00
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability,…
- CVE-2024-28967Jun 13, 2024risk 0.00cvss —epss 0.00
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the…
- CVE-2024-28966Jun 13, 2024risk 0.00cvss —epss 0.00
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution…
- CVE-2024-28965Jun 13, 2024risk 0.00cvss —epss 0.00
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution…
- CVE-2024-37131Jun 13, 2024risk 0.00cvss —epss 0.00
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of…
- CVE-2024-32860Jun 13, 2024risk 0.00cvss —epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- CVE-2024-32858Jun 13, 2024risk 0.00cvss —epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- CVE-2024-32859Jun 13, 2024risk 0.00cvss —epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- CVE-2024-32856Jun 13, 2024risk 0.00cvss —epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
- CVE-2024-30472Jun 13, 2024risk 0.00cvss —epss 0.01
Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure.
- CVE-2024-28964Jun 12, 2024risk 0.00cvss —epss 0.00
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user.…
- CVE-2024-25949Jun 12, 2024risk 0.00cvss —epss 0.00
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges.
- CVE-2024-28970Jun 12, 2024risk 0.00cvss —epss 0.00
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.
- CVE-2024-0160Jun 12, 2024risk 0.00cvss —epss 0.00
Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.
- CVE-2024-37130Jun 11, 2024risk 0.00cvss —epss 0.00
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain…
- CVE-2023-32475Jun 7, 2024risk 0.00cvss —epss 0.00
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
- CVE-2024-29170Jun 4, 2024risk 0.00cvss —epss 0.00
Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service.
- CVE-2024-28974May 29, 2024risk 0.00cvss —epss 0.00
Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
- CVE-2020-35165May 22, 2024risk 0.00cvss —epss 0.00
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
- CVE-2024-22429May 17, 2024risk 0.00cvss —epss 0.00
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
- CVE-2024-25969May 14, 2024risk 0.00cvss —epss 0.00
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
- CVE-2024-25965May 14, 2024risk 0.00cvss —epss 0.00
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service.
- CVE-2024-25966May 14, 2024risk 0.00cvss —epss 0.01
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
- CVE-2024-25970May 14, 2024risk 0.00cvss —epss 0.01
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to loss of integrity.
- CVE-2024-25967May 14, 2024risk 0.00cvss —epss 0.00
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
- CVE-2024-25968May 14, 2024risk 0.00cvss —epss 0.00
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.
- CVE-2024-22460May 8, 2024risk 0.00cvss —epss 0.00
Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
- CVE-2024-24908May 8, 2024risk 0.00cvss —epss 0.01
Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem.
- CVE-2024-28971May 8, 2024risk 0.00cvss —epss 0.00
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be…
- CVE-2024-28979May 1, 2024risk 0.00cvss —epss 0.00
Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script…
- CVE-2024-28978May 1, 2024risk 0.00cvss —epss 0.00
Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.
- CVE-2024-28961Apr 29, 2024risk 0.00cvss —epss 0.00
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This…
- CVE-2024-28977Apr 24, 2024risk 0.00cvss —epss 0.00
Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with…
- CVE-2024-28976Apr 24, 2024risk 0.00cvss —epss 0.00
Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the…
- CVE-2024-28963Apr 24, 2024risk 0.00cvss —epss 0.00
Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information.
- CVE-2024-0157Apr 12, 2024risk 0.00cvss —epss 0.00
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.
- CVE-2024-22448Apr 10, 2024risk 0.00cvss —epss 0.00
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
- CVE-2024-22450Apr 10, 2024risk 0.00cvss —epss 0.00
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.
- CVE-2024-0159Apr 10, 2024risk 0.00cvss —epss 0.00
Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system.
- CVE-2024-0172Apr 3, 2024risk 0.00cvss —epss 0.00
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
- CVE-2024-25944Mar 29, 2024risk 0.00cvss —epss 0.01
Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running…
- CVE-2024-25955Mar 28, 2024risk 0.00cvss —epss 0.01
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.
Page 14 of 31