Dell

All CVEs

1,538 total · sorted by risk
  • CVE-2023-22572 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

  • CVE-2023-23692 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.02

    Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of…

  • CVE-2022-46756 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system…

  • CVE-2022-46679 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2022-34398 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.

  • CVE-2022-34396 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system…

  • CVE-2022-34403 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

  • CVE-2022-32482 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

  • CVE-2022-45102 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web cache or trigger…

  • CVE-2022-45100 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system.

  • CVE-2022-45099 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for an NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise.

  • CVE-2022-45098 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.

  • CVE-2022-45096 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain a User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.

  • CVE-2022-45097 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.

  • CVE-2022-45095 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access to a local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of…

  • CVE-2022-45101 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution.

  • CVE-2022-34458 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability…

  • CVE-2022-34459 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload…

  • CVE-2022-34400 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.

  • CVE-2022-34443 · Feb 1, 2023
    risk 0.00 · cvss · epss 0.00

    Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges.

  • CVE-2023-23691 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.00

    Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS…

  • CVE-2023-23690 · Jan 19, 2023
    risk 0.00 · cvss · epss 0.00

    Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle…

  • CVE-2022-45103 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.01

    Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file…

  • CVE-2022-34457 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.00

    Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to the default path but to a non-secured path, which leads to privilege escalation. This is a critical severity vulnerability as it allows non-admin to modify the files inside…

  • CVE-2022-34399 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.00

    Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

  • CVE-2022-34436 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.00

    Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform…

  • CVE-2022-34435 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.01

    Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform…

  • CVE-2022-34442 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.00

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP…

  • CVE-2022-34462 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.00

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges.

  • CVE-2022-32490 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-34401 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.

  • CVE-2022-34460 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.00

    Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-34393 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-34456 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.01

    Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.

  • CVE-2022-34441 · Jan 11, 2023
    risk 0.00 · cvss · epss 0.00

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin…

  • CVE-2022-34440 · Jan 11, 2023
    risk 0.00 · cvss · epss 0.00

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin…

  • CVE-2022-34439 · Oct 21, 2022
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x, contain an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.

  • CVE-2022-34438 · Oct 21, 2022
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters.

  • CVE-2022-34437 · Oct 21, 2022
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.

  • CVE-2022-31239 · Oct 21, 2022
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.

  • CVE-2022-26870 · Oct 21, 2022
    risk 0.00 · cvss · epss 0.01

    Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.

  • CVE-2020-5355 · Oct 21, 2022
    risk 0.00 · cvss · epss 0.00

    The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.

  • CVE-2022-34391 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-34390 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-33937 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the…

  • CVE-2022-33922 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to…

  • CVE-2022-33921 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.

  • CVE-2022-33920 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.

  • CVE-2022-33919 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information.

  • CVE-2022-33918 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information.
