Vendor CVEs
Dell
All CVEs
1,538 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-32493 | 0.00 | — | 0.00 | Oct 12, 2022 | Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||
| CVE-2022-32491 | 0.00 | — | 0.00 | Oct 12, 2022 | Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM. | |||
| CVE-2022-32489 | 0.00 | — | 0.00 | Oct 12, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||
| CVE-2022-32488 | 0.00 | — | 0.00 | Oct 12, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||
| CVE-2022-32487 | 0.00 | — | 0.00 | Oct 12, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||
| CVE-2022-32485 | 0.00 | — | 0.00 | Oct 12, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||
| CVE-2022-32484 | 0.00 | — | 0.00 | Oct 12, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | |||
| CVE-2022-32483 | 0.00 | — | 0.00 | Oct 12, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | |||
| CVE-2022-31228 | 0.00 | — | 0.01 | Oct 12, 2022 | Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account. | |||
| CVE-2022-34434 | 0.00 | — | 0.00 | Oct 11, 2022 | Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this… | |||
| CVE-2022-34432 | 0.00 | — | 0.00 | Oct 11, 2022 | Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. | |||
| CVE-2022-34431 | 0.00 | — | 0.01 | Oct 11, 2022 | Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. | |||
| CVE-2022-34430 | 0.00 | — | 0.00 | Oct 11, 2022 | Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | |||
| CVE-2022-34427 | 0.00 | — | 0.02 | Oct 11, 2022 | Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution. | |||
| CVE-2022-34426 | 0.00 | — | 0.02 | Oct 11, 2022 | Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional… | |||
| CVE-2022-32492 | 0.00 | — | 0.00 | Oct 11, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||
| CVE-2022-32486 | 0.00 | — | 0.00 | Oct 11, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||
| CVE-2022-34425 | 0.00 | — | 0.01 | Oct 10, 2022 | Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | |||
| CVE-2022-34402 | 0.00 | — | 0.01 | Oct 10, 2022 | Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service. | |||
| CVE-2022-34429 | 0.00 | — | 0.00 | Sep 30, 2022 | Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | |||
| CVE-2022-34428 | 0.00 | — | 0.01 | Sep 30, 2022 | Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. | |||
| CVE-2022-34424 | 0.00 | — | 0.01 | Sep 28, 2022 | Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans. | |||
| CVE-2022-34394 | 0.00 | — | 0.00 | Sep 28, 2022 | Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could… | |||
| CVE-2022-29089 | 0.00 | — | 0.00 | Sep 28, 2022 | Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and… | |||
| CVE-2022-31226 | 0.00 | — | 0.00 | Sep 12, 2022 | Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system. | |||
| CVE-2022-31225 | 0.00 | — | 0.00 | Sep 12, 2022 | Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | |||
| CVE-2022-31224 | 0.00 | — | 0.00 | Sep 12, 2022 | Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system. | |||
| CVE-2022-31223 | 0.00 | — | 0.00 | Sep 12, 2022 | Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system. | |||
| CVE-2022-31222 | 0.00 | — | 0.00 | Sep 12, 2022 | Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash. | |||
| CVE-2022-31221 | 0.00 | — | 0.00 | Sep 12, 2022 | Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system. | |||
| CVE-2022-31220 | 0.00 | — | 0.00 | Sep 12, 2022 | Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | |||
| CVE-2022-26861 | 0.00 | — | 0.00 | Sep 6, 2022 | Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM. | |||
| CVE-2022-26860 | 0.00 | — | 0.00 | Sep 6, 2022 | Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM. | |||
| CVE-2022-26859 | 0.00 | — | 0.00 | Sep 6, 2022 | Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM. | |||
| CVE-2022-26858 | 0.00 | — | 0.00 | Sep 6, 2022 | Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls. | |||
| CVE-2022-34382 | 0.00 | — | 0.00 | Sep 2, 2022 | Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. | |||
| CVE-2022-34378 | 0.00 | — | 0.00 | Sep 2, 2022 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. | |||
| CVE-2022-34371 | 0.00 | — | 0.01 | Sep 2, 2022 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system… | |||
| CVE-2022-34369 | 0.00 | — | 0.01 | Sep 2, 2022 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this… | |||
| CVE-2022-34380 | 0.00 | — | 0.00 | Sep 1, 2022 | Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console.… | |||
| CVE-2022-34379 | 0.00 | — | 0.01 | Sep 1, 2022 | Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system. | |||
| CVE-2022-34372 | 0.00 | — | 0.01 | Sep 1, 2022 | Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter… | |||
| CVE-2022-34383 | 0.00 | — | 0.00 | Aug 31, 2022 | Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. | |||
| CVE-2022-34373 | 0.00 | — | 0.00 | Aug 31, 2022 | Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system. | |||
| CVE-2022-31233 | 0.00 | — | 0.00 | Aug 31, 2022 | Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. | |||
| CVE-2022-34375 | 0.00 | — | 0.01 | Aug 30, 2022 | Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory. | |||
| CVE-2022-34374 | 0.00 | — | 0.01 | Aug 30, 2022 | Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system. | |||
| CVE-2022-34368 | 0.00 | — | 0.00 | Aug 30, 2022 | Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources. | |||
| CVE-2022-33935 | 0.00 | — | 0.00 | Aug 30, 2022 | Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user… | |||
| CVE-2022-31232 | 0.00 | — | 0.01 | Aug 30, 2022 | SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. |
- CVE-2022-32493Oct 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- CVE-2022-32491Oct 12, 2022risk 0.00cvss —epss 0.00
Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.
- CVE-2022-32489Oct 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- CVE-2022-32488Oct 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- CVE-2022-32487Oct 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- CVE-2022-32485Oct 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- CVE-2022-32484Oct 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
- CVE-2022-32483Oct 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
- CVE-2022-31228Oct 12, 2022risk 0.00cvss —epss 0.01
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.
- CVE-2022-34434Oct 11, 2022risk 0.00cvss —epss 0.00
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this…
- CVE-2022-34432Oct 11, 2022risk 0.00cvss —epss 0.00
Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders.
- CVE-2022-34431Oct 11, 2022risk 0.00cvss —epss 0.01
Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.
- CVE-2022-34430Oct 11, 2022risk 0.00cvss —epss 0.00
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
- CVE-2022-34427Oct 11, 2022risk 0.00cvss —epss 0.02
Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution.
- CVE-2022-34426Oct 11, 2022risk 0.00cvss —epss 0.02
Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional…
- CVE-2022-32492Oct 11, 2022risk 0.00cvss —epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- CVE-2022-32486Oct 11, 2022risk 0.00cvss —epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- CVE-2022-34425Oct 10, 2022risk 0.00cvss —epss 0.01
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.
- CVE-2022-34402Oct 10, 2022risk 0.00cvss —epss 0.01
Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service.
- CVE-2022-34429Sep 30, 2022risk 0.00cvss —epss 0.00
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
- CVE-2022-34428Sep 30, 2022risk 0.00cvss —epss 0.01
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.
- CVE-2022-34424Sep 28, 2022risk 0.00cvss —epss 0.01
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans.
- CVE-2022-34394Sep 28, 2022risk 0.00cvss —epss 0.00
Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could…
- CVE-2022-29089Sep 28, 2022risk 0.00cvss —epss 0.00
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and…
- CVE-2022-31226Sep 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.
- CVE-2022-31225Sep 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.
- CVE-2022-31224Sep 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system.
- CVE-2022-31223Sep 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.
- CVE-2022-31222Sep 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.
- CVE-2022-31221Sep 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system.
- CVE-2022-31220Sep 12, 2022risk 0.00cvss —epss 0.00
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.
- CVE-2022-26861Sep 6, 2022risk 0.00cvss —epss 0.00
Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.
- CVE-2022-26860Sep 6, 2022risk 0.00cvss —epss 0.00
Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.
- CVE-2022-26859Sep 6, 2022risk 0.00cvss —epss 0.00
Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM.
- CVE-2022-26858Sep 6, 2022risk 0.00cvss —epss 0.00
Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.
- CVE-2022-34382Sep 2, 2022risk 0.00cvss —epss 0.00
Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.
- CVE-2022-34378Sep 2, 2022risk 0.00cvss —epss 0.00
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.
- CVE-2022-34371Sep 2, 2022risk 0.00cvss —epss 0.01
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system…
- CVE-2022-34369Sep 2, 2022risk 0.00cvss —epss 0.01
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this…
- CVE-2022-34380Sep 1, 2022risk 0.00cvss —epss 0.00
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console.…
- CVE-2022-34379Sep 1, 2022risk 0.00cvss —epss 0.01
Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.
- CVE-2022-34372Sep 1, 2022risk 0.00cvss —epss 0.01
Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter…
- CVE-2022-34383Aug 31, 2022risk 0.00cvss —epss 0.00
Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.
- CVE-2022-34373Aug 31, 2022risk 0.00cvss —epss 0.00
Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.
- CVE-2022-31233Aug 31, 2022risk 0.00cvss —epss 0.00
Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
- CVE-2022-34375Aug 30, 2022risk 0.00cvss —epss 0.01
Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.
- CVE-2022-34374Aug 30, 2022risk 0.00cvss —epss 0.01
Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system.
- CVE-2022-34368Aug 30, 2022risk 0.00cvss —epss 0.00
Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.
- CVE-2022-33935Aug 30, 2022risk 0.00cvss —epss 0.00
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user…
- CVE-2022-31232Aug 30, 2022risk 0.00cvss —epss 0.01
SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
Page 22 of 31