# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2022-29098 | 521 | | | 2022-06-01 | 2022-06-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. |
2 | CVE-2022-24424 | 22 | | +Priv Dir. Trav. | 2022-04-21 | 2022-05-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. |
3 | CVE-2022-24412 | | | | 2022-04-12 | 2022-04-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. |
4 | CVE-2022-23161 | | | | 2022-04-12 | 2022-05-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service. |
5 | CVE-2022-22565 | | | | 2022-04-12 | 2022-04-20 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data. |
6 | CVE-2022-22562 | | | | 2022-04-12 | 2022-04-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain an improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability. |
7 | CVE-2022-22559 | 327 | | | 2022-04-12 | 2022-04-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure. |
8 | CVE-2022-22552 | 1021 | | | 2022-01-21 | 2022-01-27 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations. |
9 | CVE-2022-22551 | 384 | | | 2022-01-21 | 2022-01-27 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
Dell EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An adjacent, unauthenticated attacker could potentially exploit this vulnerability and hijack the victim session. |
10 | CVE-2021-43588 | 20 | | DoS | 2022-01-24 | 2022-01-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. |
11 | CVE-2021-36350 | 287 | | Bypass | 2021-12-21 | 2022-01-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication. |
12 | CVE-2021-36338 | 669 | | | 2022-01-21 | 2022-01-28 | 5.2 | None | Local Network | Low | ??? | Partial | Partial | Partial |
Unisphere for PowerMax versions prior to 9.2.2.2 contain a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. |
13 | CVE-2021-36337 | 326 | | | 2021-12-21 | 2021-12-27 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. |
14 | CVE-2021-36327 | 918 | | | 2021-11-30 | 2021-12-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. |
15 | CVE-2021-36299 | 89 | | DoS Sql | 2021-11-23 | 2021-11-27 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. |
16 | CVE-2021-21596 | 200 | | Exec Code +Info | 2021-08-09 | 2021-08-13 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. |
17 | CVE-2021-21594 | 598 | | | 2021-08-16 | 2021-08-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity. |
18 | CVE-2021-21579 | 601 | | | 2021-08-03 | 2021-08-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. |
19 | CVE-2021-21578 | 601 | | | 2021-08-03 | 2021-08-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. |
20 | CVE-2021-21565 | 400 | | DoS | 2021-08-03 | 2021-08-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. |
21 | CVE-2021-21540 | 787 | | Overflow | 2021-04-30 | 2021-05-10 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial |
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload. |
22 | CVE-2021-21532 | 20 | | | 2021-04-02 | 2021-04-13 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. |
23 | CVE-2021-21528 | | | | 2021-11-12 | 2021-11-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous version. |
24 | CVE-2021-21511 | | | +Priv | 2021-02-15 | 2022-04-26 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data. |
25 | CVE-2021-21510 | 74 | | | 2021-03-08 | 2021-03-12 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections. |
26 | CVE-2020-29505 | 331 | | | 2022-07-11 | 2022-07-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability. |
27 | CVE-2020-29498 | 601 | | | 2021-01-04 | 2021-01-06 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. |
28 | CVE-2020-29494 | 22 | | Dir. Trav. | 2021-01-14 | 2021-01-21 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial |
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files. |
29 | CVE-2020-26195 | 755 | | | 2021-02-09 | 2021-02-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. |
30 | CVE-2020-26185 | 125 | | | 2022-06-01 | 2022-07-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability. |
31 | CVE-2020-26184 | 295 | | | 2022-06-01 | 2022-07-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability. |
32 | CVE-2020-5386 | 668 | | | 2020-09-02 | 2020-09-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system. |
33 | CVE-2020-5383 | 119 | | Overflow | 2020-08-27 | 2020-09-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contain a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart. |
34 | CVE-2020-5374 | 798 | | | 2020-07-14 | 2020-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices. |
35 | CVE-2020-5373 | 306 | | | 2020-07-14 | 2020-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device. |
36 | CVE-2020-5365 | 330 | | | 2020-05-20 | 2020-05-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. |
37 | CVE-2020-5364 | 200 | | +Info | 2020-05-20 | 2020-05-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 service is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. |
38 | CVE-2020-5360 | 125 | | | 2020-12-16 | 2021-12-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. |
39 | CVE-2020-5359 | 252 | | | 2020-12-16 | 2021-12-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. |
40 | CVE-2020-5351 | 798 | | +Priv | 2021-07-28 | 2021-08-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privileges. |
41 | CVE-2020-5347 | 400 | | DoS | 2020-04-04 | 2020-04-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. |
42 | CVE-2020-5345 | 862 | | Exec Code Bypass | 2020-06-23 | 2020-07-02 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics. |
43 | CVE-2020-5329 | 601 | | | 2021-07-29 | 2021-08-06 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. |
44 | CVE-2020-5323 | 74 | | +Priv | 2021-07-19 | 2022-07-15 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to gain access to sensitive information or cause denial-of-service. |
45 | CVE-2020-5321 | 20 | | | 2021-07-19 | 2021-07-29 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial |
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to spawn tasks with elevated privileges. |
46 | CVE-2020-5318 | 863 | | | 2020-02-06 | 2020-02-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication. |
47 | CVE-2019-3765 | 732 | | | 2019-10-09 | 2019-10-17 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place. |
48 | CVE-2019-3762 | 295 | | | 2020-03-18 | 2020-03-27 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contain an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data. |
49 | CVE-2019-3759 | 94 | | | 2019-09-11 | 2020-08-31 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system. |
50 | CVE-2019-3751 | 295 | | | 2019-09-03 | 2020-02-10 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. |