| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-31229 |
209 |
|
|
2022-06-28 |
2022-07-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. |
|
2 |
CVE-2022-29097 |
22 |
|
+Priv Dir. Trav. |
2022-06-24 |
2022-07-06 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. |
|
3 |
CVE-2022-29091 |
79 |
|
Exec Code XSS |
2022-05-26 |
2022-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
|
4 |
CVE-2022-29085 |
522 |
|
+Priv |
2022-06-02 |
2022-06-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
|
5 |
CVE-2022-29082 |
295 |
|
|
2022-05-26 |
2022-06-08 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates. |
|
6 |
CVE-2022-24414 |
200 |
|
+Info |
2022-05-26 |
2022-06-07 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks. |
|
7 |
CVE-2022-24411 |
668 |
|
|
2022-04-12 |
2022-04-20 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. |
|
8 |
CVE-2022-23160 |
269 |
|
|
2022-04-12 |
2022-04-20 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files. |
|
9 |
CVE-2022-23159 |
401 |
|
|
2022-04-12 |
2022-04-20 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity. |
|
10 |
CVE-2022-23156 |
287 |
|
|
2022-04-01 |
2022-04-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. |
|
11 |
CVE-2022-22560 |
798 |
|
|
2022-04-12 |
2022-04-20 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. |
|
12 |
CVE-2022-22550 |
522 |
|
|
2022-04-12 |
2022-04-20 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over. |
|
13 |
CVE-2021-36349 |
918 |
|
|
2022-01-24 |
2022-01-28 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts. |
|
14 |
CVE-2021-36339 |
269 |
|
|
2022-01-21 |
2022-01-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. |
|
15 |
CVE-2021-36332 |
601 |
|
|
2021-11-23 |
2021-11-27 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites. |
|
16 |
CVE-2021-36329 |
639 |
|
|
2021-11-30 |
2021-12-02 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. |
|
17 |
CVE-2021-36326 |
757 |
|
|
2021-11-30 |
2021-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. |
|
18 |
CVE-2021-36318 |
522 |
|
|
2021-12-21 |
2022-01-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. |
|
19 |
CVE-2021-36311 |
|
|
|
2021-11-23 |
2022-04-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. |
|
20 |
CVE-2021-36309 |
200 |
|
+Info |
2021-10-01 |
2021-10-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks. |
|
21 |
CVE-2021-36305 |
863 |
|
DoS |
2021-11-12 |
2021-11-17 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. |
|
22 |
CVE-2021-36297 |
426 |
|
|
2021-09-28 |
2021-10-07 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's, |
|
23 |
CVE-2021-36276 |
|
|
DoS |
2021-08-09 |
2022-04-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. |
|
24 |
CVE-2021-21600 |
772 |
|
DoS |
2021-08-10 |
2021-08-18 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path. |
|
25 |
CVE-2021-21599 |
78 |
|
|
2021-08-16 |
2021-08-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. |
|
26 |
CVE-2021-21595 |
77 |
|
|
2021-08-16 |
2021-08-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. |
|
27 |
CVE-2021-21592 |
755 |
|
|
2021-08-16 |
2021-08-25 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure. |
|
28 |
CVE-2021-21591 |
200 |
|
+Priv +Info |
2021-07-12 |
2021-07-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
|
29 |
CVE-2021-21590 |
200 |
|
+Priv +Info |
2021-07-12 |
2021-07-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
|
30 |
CVE-2021-21589 |
|
|
|
2021-07-12 |
2021-07-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges. |
|
31 |
CVE-2021-21588 |
345 |
|
|
2021-07-12 |
2021-07-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead to configuration changes. |
|
32 |
CVE-2021-21584 |
200 |
|
+Info |
2021-08-09 |
2021-08-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. |
|
33 |
CVE-2021-21581 |
79 |
|
XSS |
2021-08-03 |
2021-08-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. |
|
34 |
CVE-2021-21580 |
74 |
|
|
2021-08-03 |
2021-08-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate. |
|
35 |
CVE-2021-21577 |
79 |
|
XSS |
2021-08-03 |
2021-08-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. |
|
36 |
CVE-2021-21576 |
79 |
|
XSS |
2021-08-03 |
2021-08-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. |
|
37 |
CVE-2021-21570 |
78 |
|
|
2021-09-28 |
2021-10-01 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. |
|
38 |
CVE-2021-21569 |
22 |
|
Dir. Trav. |
2021-09-28 |
2021-10-01 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. |
|
39 |
CVE-2021-21568 |
|
|
|
2021-08-16 |
2022-05-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change. |
|
40 |
CVE-2021-21567 |
269 |
|
|
2021-08-10 |
2022-04-26 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. |
|
41 |
CVE-2021-21563 |
754 |
|
DoS |
2021-08-03 |
2021-08-11 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges to trigger a denial of service event. |
|
42 |
CVE-2021-21551 |
|
|
DoS |
2021-05-04 |
2022-07-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. |
|
43 |
CVE-2021-21544 |
669 |
|
|
2021-04-30 |
2021-05-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. |
|
44 |
CVE-2021-21541 |
79 |
|
Exec Code XSS |
2021-04-30 |
2021-05-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. |
|
45 |
CVE-2021-21539 |
367 |
|
+Priv |
2021-04-30 |
2021-05-10 |
4.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
Partial |
|
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface. |
|
46 |
CVE-2021-21533 |
20 |
|
DoS |
2021-04-02 |
2021-04-08 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details |
|
47 |
CVE-2021-21531 |
669 |
|
Bypass |
2021-04-30 |
2021-05-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions. |
|
48 |
CVE-2021-21529 |
400 |
|
DoS |
2021-04-02 |
2021-04-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. |
|
49 |
CVE-2021-21514 |
22 |
|
Dir. Trav. |
2021-03-02 |
2021-03-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. |
|
50 |
CVE-2021-21503 |
78 |
|
|
2021-03-08 |
2021-03-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation. |
