Dell

All CVEs

1,538 total · sorted by risk
  • CVE-2024-25946 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.01

    Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

  • CVE-2024-25971 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.01

    Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.

  • CVE-2024-25954 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2024-25963 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x, contain a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

  • CVE-2024-25953 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

  • CVE-2024-25952 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

  • CVE-2024-25960 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

  • CVE-2024-25961 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

  • CVE-2024-25959 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.

  • CVE-2024-25962 · Mar 27, 2024
    risk 0.00 · cvss · epss 0.00

    Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.

  • CVE-2024-25956 · Mar 26, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information.

  • CVE-2024-25957 · Mar 26, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to…

  • CVE-2024-25958 · Mar 26, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data,…

  • CVE-2024-25964 · Mar 25, 2024
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2024-25942 · Mar 19, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

  • CVE-2024-22453 · Mar 19, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.

  • CVE-2024-0173 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.

  • CVE-2024-0154 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.

  • CVE-2024-0163 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

  • CVE-2024-0162 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

  • CVE-2024-0161 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

  • CVE-2024-25951 · Mar 9, 2024
    risk 0.00 · cvss · epss 0.01

    A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.

  • CVE-2024-24901 · Mar 4, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages to be lost and not recorded for a specific time period.

  • CVE-2024-22463 · Mar 4, 2024
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information.

  • CVE-2024-22452 · Mar 4, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege…

  • CVE-2024-0155 · Mar 4, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code.

  • CVE-2024-0156 · Mar 4, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.

  • CVE-2024-24903 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contains a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with…

  • CVE-2024-24904 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a…

  • CVE-2024-24905 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a…

  • CVE-2024-24907 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or…

  • CVE-2024-24906 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or…

  • CVE-2024-24900 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to…

  • CVE-2023-39254 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Update Package (DUP), versions prior to 4.9.10, contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.

  • CVE-2023-48674 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.

  • CVE-2024-22457 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed…

  • CVE-2024-22458 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.00

    Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.

  • CVE-2024-22459 · Feb 28, 2024
    risk 0.00 · cvss · epss 0.00

    Dell ECS, versions 3.6 through 3.6.2.5, 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and…

  • CVE-2024-22426 · Feb 16, 2024
    risk 0.00 · cvss · epss 0.01

    Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary operating system commands, which will get executed in the context…

  • CVE-2024-22425 · Feb 16, 2024
    risk 0.00 · cvss · epss 0.00

    Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint…

  • CVE-2023-39245 · Feb 15, 2024
    risk 0.00 · cvss · epss 0.00

    DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in the EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping on the network traffic to gain admin level…

  • CVE-2023-39244 · Feb 15, 2024
    risk 0.00 · cvss · epss 0.00

    DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in the EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping on the network traffic to gain admin level…

  • CVE-2023-32484 · Feb 15, 2024
    risk 0.00 · cvss · epss 0.01

    Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contain an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level.…

  • CVE-2023-32462 · Feb 15, 2024
    risk 0.00 · cvss · epss 0.02

    Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and…

  • CVE-2023-28078 · Feb 15, 2024
    risk 0.00 · cvss · epss 0.01

    Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge…

  • CVE-2023-44294 · Feb 14, 2024
    risk 0.00 · cvss · epss 0.00

    In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This…

  • CVE-2023-44293 · Feb 14, 2024
    risk 0.00 · cvss · epss 0.00

    In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This…

  • CVE-2023-44283 · Feb 14, 2024
    risk 0.00 · cvss · epss 0.00

    In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege…

  • CVE-2023-39249 · Feb 14, 2024
    risk 0.00 · cvss · epss 0.00

    Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary…

  • CVE-2023-25535 · Feb 14, 2024
    risk 0.00 · cvss · epss 0.00

    Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023…
