Dell

All CVEs

1,538 total · sorted by risk
  • CVE-2022-32493 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains a Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-32491 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.

  • CVE-2022-32489 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-32488 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-32487 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-32485 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-32484 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

  • CVE-2022-32483 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

  • CVE-2022-31228 · Oct 12, 2022
    risk 0.00 · cvss · epss 0.01

    Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.

  • CVE-2022-34434 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Cloud Mobility for Dell Storage versions 1.3.0 and earlier contain an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this…

  • CVE-2022-34432 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders.

  • CVE-2022-34431 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.

  • CVE-2022-34430 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

  • CVE-2022-34427 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.02

    Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution.

  • CVE-2022-34426 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.02

    Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional…

  • CVE-2022-32492 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-32486 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2022-34425 · Oct 10, 2022
    risk 0.00 · cvss · epss 0.01

    Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.

  • CVE-2022-34402 · Oct 10, 2022
    risk 0.00 · cvss · epss 0.01

    Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service.

  • CVE-2022-34429 · Sep 30, 2022
    risk 0.00 · cvss · epss 0.00

    Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

  • CVE-2022-34428 · Sep 30, 2022
    risk 0.00 · cvss · epss 0.01

    Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.

  • CVE-2022-34424 · Sep 28, 2022
    risk 0.00 · cvss · epss 0.01

    Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans.

  • CVE-2022-34394 · Sep 28, 2022
    risk 0.00 · cvss · epss 0.00

    Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could…

  • CVE-2022-29089 · Sep 28, 2022
    risk 0.00 · cvss · epss 0.00

    Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and…

  • CVE-2022-31226 · Sep 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

  • CVE-2022-31225 · Sep 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.

  • CVE-2022-31224 · Sep 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system.

  • CVE-2022-31223 · Sep 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.

  • CVE-2022-31222 · Sep 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.

  • CVE-2022-31221 · Sep 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to access sensitive state information on the system.

  • CVE-2022-31220 · Sep 12, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.

  • CVE-2022-26861 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.

  • CVE-2022-26860 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.

  • CVE-2022-26859 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM.

  • CVE-2022-26858 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.00

    Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.

  • CVE-2022-34382 · Sep 2, 2022
    risk 0.00 · cvss · epss 0.00

    Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contain a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.

  • CVE-2022-34378 · Sep 2, 2022
    risk 0.00 · cvss · epss 0.00

    Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2022-34371 · Sep 2, 2022
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system…

  • CVE-2022-34369 · Sep 2, 2022
    risk 0.00 · cvss · epss 0.01

    Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this…

  • CVE-2022-34380 · Sep 1, 2022
    risk 0.00 · cvss · epss 0.00

    Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console.…

  • CVE-2022-34379 · Sep 1, 2022
    risk 0.00 · cvss · epss 0.01

    Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.

  • CVE-2022-34372 · Sep 1, 2022
    risk 0.00 · cvss · epss 0.01

    Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter…

  • CVE-2022-34383 · Aug 31, 2022
    risk 0.00 · cvss · epss 0.00

    Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.

  • CVE-2022-34373 · Aug 31, 2022
    risk 0.00 · cvss · epss 0.00

    Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains an arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.

  • CVE-2022-31233 · Aug 31, 2022
    risk 0.00 · cvss · epss 0.00

    Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

  • CVE-2022-34375 · Aug 30, 2022
    risk 0.00 · cvss · epss 0.01

    Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

  • CVE-2022-34374 · Aug 30, 2022
    risk 0.00 · cvss · epss 0.01

    Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to the execution of arbitrary OS commands on the affected system.

  • CVE-2022-34368 · Aug 30, 2022
    risk 0.00 · cvss · epss 0.00

    Dell EMC NetWorker 19.2.1.x, 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. An authenticated non-admin user could exploit this vulnerability and gain access to restricted resources.

  • CVE-2022-33935 · Aug 30, 2022
    risk 0.00 · cvss · epss 0.00

    Dell EMC Data Protection Advisor versions 19.6 and earlier contain a Stored Cross Site Scripting vulnerability. An attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user…

  • CVE-2022-31232 · Aug 30, 2022
    risk 0.00 · cvss · epss 0.01

    SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
