Filtered by vendor Dell
Subscribe
Total
1275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8216 | 1 Dell | 1 Emc Data Domain Os | 2020-01-23 | 7.2 HIGH | 6.7 MEDIUM |
| EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-8211 | 1 Dell | 1 Emc Data Protection Advisor | 2020-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2019-18588 | 1 Dell | 2 Emc Powermax, Emc Unisphere For Powermax | 2020-01-22 | 3.5 LOW | 5.4 MEDIUM |
| Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions. | |||||
| CVE-2019-18579 | 1 Dell | 2 Xps 7390, Xps 7390 Firmware | 2019-12-30 | 7.2 HIGH | 6.8 MEDIUM |
| Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot. | |||||
| CVE-2019-18580 | 1 Dell | 1 Emc Storage Monitoring And Reporting | 2019-12-16 | 10.0 HIGH | 10.0 CRITICAL |
| Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. | |||||
| CVE-2019-3749 | 1 Dell | 1 Command Update | 2019-12-10 | 3.6 LOW | 5.5 MEDIUM |
| Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. | |||||
| CVE-2019-3750 | 1 Dell | 1 Command Update | 2019-12-10 | 3.6 LOW | 5.5 MEDIUM |
| Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly. | |||||
| CVE-2017-8001 | 2 Dell, Linux | 2 Emc Scaleio, Linux Kernel | 2019-11-14 | 2.1 LOW | 8.4 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. | |||||
| CVE-2019-3765 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2019-10-17 | 5.5 MEDIUM | 8.1 HIGH |
| Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place. | |||||
| CVE-2019-3745 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2019-10-11 | 6.9 MEDIUM | 7.3 HIGH |
| The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator. | |||||
| CVE-2019-3704 | 1 Dell | 2 Emc Vnx2, Emc Vnx2 Firmware | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability. | |||||
| CVE-2019-3754 | 1 Dell | 4 Emc Unity Operating Environment, Emc Unityvsa Operating Environment, Emc Vnxe3200 and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2019-3712 | 1 Dell | 2 Windows Embedded Standard Wyse Device Agent, Wyse Thinlinux Hagent | 2019-10-09 | 8.3 HIGH | 8.8 HIGH |
| Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed. | |||||
| CVE-2019-3709 | 1 Dell | 1 Emc Isilonsd Management Server | 2019-10-09 | 9.3 HIGH | 9.6 CRITICAL |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | |||||
| CVE-2019-3723 | 1 Dell | 1 Emc Openmanage Server Administrator | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation | |||||
| CVE-2019-3746 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system. | |||||
| CVE-2019-3726 | 1 Dell | 3 Client Platforms, Emc Servers, Update Package Framework | 2019-10-09 | 6.2 MEDIUM | 6.7 MEDIUM |
| An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers. | |||||
| CVE-2019-3722 | 1 Dell | 1 Emc Openmanage Server Administrator | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request. | |||||
| CVE-2019-3708 | 1 Dell | 1 Emc Isilonsd Management Server | 2019-10-09 | 9.3 HIGH | 9.6 CRITICAL |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | |||||
| CVE-2019-3747 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | |||||