Dell

All CVEs

1,538 total · sorted by risk
  • CVE-2026-24504 · High · Apr 20, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially…

  • CVE-2026-23774 · High · Apr 20, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high…

  • CVE-2026-23776 · High · Apr 17, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation…

  • CVE-2026-23778 · High · Apr 17, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high…

  • CVE-2026-23772 · High · Apr 16, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

  • CVE-2026-22768 · High · Apr 1, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

  • CVE-2026-22767 · High · Apr 1, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Dell AppSync, version(s) 4.6.0, contain(s) a UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

  • CVE-2025-36463 · High · Nov 17, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to…

  • CVE-2025-36462 · High · Nov 17, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to…

  • CVE-2025-36461 · High · Nov 17, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to…

  • CVE-2025-36460 · High · Nov 17, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to…

  • CVE-2018-1239 · High · May 8, 2018
    risk 0.47 · cvss 7.2 · epss 0.03

    Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system…

  • CVE-2018-1204 · Medium · Mar 26, 2018
    risk 0.47 · cvss 6.7 · epss 0.02

    Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability…

  • CVE-2018-1203 · Medium · Mar 26, 2018
    risk 0.47 · cvss 6.7 · epss 0.02

    In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code…

  • CVE-2026-35155 · High · Apr 29, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access.

  • CVE-2017-6005 · High · Jul 26, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with…

  • CVE-2024-22451 · Medium · Jun 16, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading a malicious executable, leading to arbitrary code execution.

  • CVE-2024-22447 · Medium · Jun 16, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading a malicious DLL, leading to arbitrary code execution.

  • CVE-2021-21508 · Medium · May 22, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access…

  • CVE-2026-41119 · Medium · May 18, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity.

  • CVE-2026-40638 · Medium · May 12, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

  • CVE-2026-26946 · Medium · May 11, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of…

  • CVE-2026-25908 · Medium · Apr 27, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

  • CVE-2026-26951 · Medium · Apr 20, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially…

  • CVE-2026-26942 · Medium · Apr 20, 2026
    risk 0.44 · cvss 6.7 · epss 0.01

    Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to…

  • CVE-2026-22761 · Medium · Apr 20, 2026
    risk 0.44 · cvss 6.7 · epss 0.01

    Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

  • CVE-2026-35153 · Medium · Apr 17, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A…

  • CVE-2026-35074 · Medium · Apr 17, 2026
    risk 0.44 · cvss 6.7 · epss 0.01

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high…

  • CVE-2026-35073 · Medium · Apr 17, 2026
    risk 0.44 · cvss 6.7 · epss 0.01

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command injection vulnerability. A high…

  • CVE-2026-35072 · Medium · Apr 17, 2026
    risk 0.44 · cvss 6.7 · epss 0.01

    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection')…

  • CVE-2026-23779 · Medium · Apr 17, 2026
    risk 0.44 · cvss 6.7 · epss 0.01

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high…

  • CVE-2017-4983 · Medium · May 4, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system.

  • CVE-2015-4056 · Medium · Feb 21, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.

  • CVE-2016-8216 · Medium · Feb 3, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection…

  • CVE-2016-2268 · Medium · Feb 8, 2016
    risk 0.44 · cvss 6.8 · epss 0.01

    Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2025-46641 · Medium · Apr 17, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to…

  • CVE-2025-46607 · Medium · Apr 17, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to…

  • CVE-2025-43937 · Medium · Apr 16, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The…

  • CVE-2026-27102 · Medium · Apr 8, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of…

  • CVE-2026-21419 · Medium · Feb 9, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability,…

  • CVE-2022-34363 · Medium · May 22, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp

  • CVE-2026-35070 · Medium · May 20, 2026
    risk 0.42 · cvss 6.4 · epss 0.00

    Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to…

  • CVE-2018-1250 · Medium · Sep 28, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing…

  • CVE-2018-1249 · Medium · Jul 2, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.

  • CVE-2018-11053 · Medium · Jun 26, 2018
    risk 0.42 · cvss 6.5 · epss 0.00

    Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating…

  • CVE-2018-1242 · Medium · May 29, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files.…

  • CVE-2017-14384 · Medium · Mar 16, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in…

  • CVE-2016-6257 · Medium · Aug 2, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input…

  • CVE-2026-44275 · Medium · Jun 9, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write

  • CVE-2026-41116 · Medium · Jun 9, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.
