Dell

All CVEs

1,538 total · sorted by risk
  • CVE-2017-8007 · High · Sep 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access…

  • CVE-2015-7274 · High · Apr 10, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.

  • CVE-2016-5685 · High · Nov 29, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.

  • CVE-2016-6645 · High · Oct 5, 2016
    risk 0.57 · cvss 8.8 · epss 0.04

    The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2)…

  • CVE-2026-23853 · High · Apr 17, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An…

  • CVE-2025-24311 · High · Jun 13, 2025
    risk 0.55 · cvss 8.4 · epss 0.01

    An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API…

  • CVE-2017-8001 · High · Nov 28, 2017
    risk 0.55 · cvss 8.4 · epss 0.00

    An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with…

  • CVE-2018-1251 · High · Sep 28, 2018
    risk 0.54 · cvss 8.3 · epss 0.02

    Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a…

  • CVE-2026-35071 · High · May 12, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to…

  • CVE-2026-26354 · High · Apr 22, 2026
    risk 0.53 · cvss 8.1 · epss 0.01

    Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An…

  • CVE-2025-24919 · High · Jun 13, 2025
    risk 0.53 · cvss 8.1 · epss 0.02

    A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An…

  • CVE-2018-11048 · High · Aug 10, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit…

  • CVE-2018-1218 · High · Mar 19, 2018
    risk 0.53 · cvss 7.5 · epss 0.14

    In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability…

  • CVE-2016-0911 · High · Jun 19, 2016
    risk 0.53 · cvss 8.2 · epss 0.01

    EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.

  • CVE-2026-32658 · High · May 11, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

  • CVE-2026-40715 · High · Jun 2, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation.

  • CVE-2025-36568 · High · Apr 17, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low…

  • CVE-2026-28261 · High · Apr 8, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this…

  • CVE-2026-23862 · High · Mar 16, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of…

  • CVE-2026-23856 · High · Feb 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this…

  • CVE-2018-11064 · High · Oct 5, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools…

  • CVE-2018-11072 · High · Oct 2, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

  • CVE-2018-11063 · High · Aug 10, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to…

  • CVE-2018-1206 · High · Mar 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to…

  • CVE-2015-7270 · High · Apr 10, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

  • CVE-2015-6856 · High · Jan 8, 2016
    risk 0.51 · cvss 7.8 · epss 0.01

    Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.

  • CVE-2004-0079 · High · Nov 23, 2004
    risk 0.50 · cvss 7.5 · epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2025-46638 · High · Jun 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a Denial of Service (DoS).

  • CVE-2025-32750 · High · May 20, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

  • CVE-2026-23775 · High · Apr 17, 2026
    risk 0.49 · cvss 7.6 · epss 0.00

    Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker…

  • CVE-2023-7046 · High · Apr 9, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for…

  • CVE-2018-11071 · High · Sep 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may…

  • CVE-2018-1243 · High · Jul 2, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for…

  • CVE-2018-1211 · High · Mar 23, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings…

  • CVE-2017-10949 · High · Aug 4, 2017
    risk 0.49 · cvss 7.5 · epss 0.05

    Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.

  • CVE-2017-4981 · High · Jun 14, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability.

  • CVE-2015-4057 · High · Feb 21, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.

  • CVE-2016-8212 · High · Feb 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the…

  • CVE-2016-8211 · High · Feb 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users…

  • CVE-2016-0923 · High · Sep 18, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by…

  • CVE-2015-6312 · High · Apr 6, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.

  • CVE-2015-0536 · High · Aug 20, 2015
    risk 0.49 · cvss 7.5 · epss 0.02

    EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a…

  • CVE-2015-0535 · High · Aug 20, 2015
    risk 0.49 · cvss 7.5 · epss 0.01

    EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via…

  • CVE-2015-0534 · High · Aug 20, 2015
    risk 0.49 · cvss 7.5 · epss 0.01

    EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a…

  • CVE-2015-0533 · High · Aug 20, 2015
    risk 0.49 · cvss 7.5 · epss 0.01

    EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar…

  • CVE-2024-39575 · High · Jun 16, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    update_disk_psu_baseline.sh requires password in plain text

  • CVE-2017-8012 · High · Sep 22, 2017
    risk 0.48 · cvss 7.4 · epss 0.02

    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition.…

  • CVE-2026-26943 · High · Apr 20, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially…

  • CVE-2026-24506 · High · Apr 20, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially…

  • CVE-2026-24505 · High · Apr 20, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Page 2 of 31