CVEdetails.com the ultimate security vulnerability data source

Dell : Security Vulnerabilities (CVSS score between 5 and 5.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-29098 521 2022-06-01 2022-06-08
5.0
None Remote Low Not required Partial None None
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.
2 CVE-2022-24424 22 +Priv Dir. Trav. 2022-04-21 2022-05-03
5.0
None Remote Low Not required Partial None None
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
3 CVE-2022-24412 2022-04-12 2022-04-20
5.0
None Remote Low Not required None None Partial
Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service.
4 CVE-2022-23161 2022-04-12 2022-05-11
5.0
None Remote Low Not required None None Partial
Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service.
5 CVE-2022-22565 2022-04-12 2022-04-20
5.5
None Remote Low ??? Partial Partial None
Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data.
6 CVE-2022-22562 2022-04-12 2022-04-20
5.0
None Remote Low Not required None None Partial
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain an improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability.
7 CVE-2022-22559 327 2022-04-12 2022-04-20
5.0
None Remote Low Not required Partial None None
Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure.
8 CVE-2022-22552 1021 2022-01-21 2022-01-27
5.8
None Remote Medium Not required Partial Partial None
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations.
9 CVE-2022-22551 384 2022-01-21 2022-01-27
5.8
None Local Network Low Not required Partial Partial Partial
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.
10 CVE-2021-43588 20 DoS 2022-01-24 2022-01-28
5.0
None Remote Low Not required None None Partial
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
11 CVE-2021-36350 287 Bypass 2021-12-21 2022-01-05
5.0
None Remote Low Not required None Partial None
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.
12 CVE-2021-36338 669 2022-01-21 2022-01-28
5.2
None Local Network Low ??? Partial Partial Partial
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
13 CVE-2021-36337 326 2021-12-21 2021-12-27
5.8
None Remote Medium Not required Partial Partial None
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.
14 CVE-2021-36327 918 2021-11-30 2021-12-01
5.0
None Remote Low Not required Partial None None
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice.
15 CVE-2021-36299 89 DoS Sql 2021-11-23 2021-11-27
5.5
None Remote Low ??? Partial None Partial
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application.
16 CVE-2021-21596 200 Exec Code +Info 2021-08-09 2021-08-13
5.8
None Local Network Low Not required Partial Partial Partial
Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges.
17 CVE-2021-21594 598 2021-08-16 2021-08-25
5.0
None Remote Low Not required Partial None None
Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity.
18 CVE-2021-21579 601 2021-08-03 2021-08-09
5.8
None Remote Medium Not required Partial Partial None
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
19 CVE-2021-21578 601 2021-08-03 2021-08-09
5.8
None Remote Medium Not required Partial Partial None
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
20 CVE-2021-21565 400 DoS 2021-08-03 2021-08-11
5.0
None Remote Low Not required None None Partial
Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
21 CVE-2021-21540 787 Overflow 2021-04-30 2021-05-10
5.5
None Remote Low ??? None Partial Partial
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.
22 CVE-2021-21532 20 2021-04-02 2021-04-13
5.8
None Local Network Low Not required Partial Partial Partial
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file.
23 CVE-2021-21528 2021-11-12 2021-11-17
5.0
None Remote Low Not required Partial None None
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous version.
24 CVE-2021-21511 +Priv 2021-02-15 2022-04-26
5.5
None Remote Low ??? Partial Partial None
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.
25 CVE-2021-21510 74 2021-03-08 2021-03-12
5.8
None Remote Medium Not required Partial Partial None
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
26 CVE-2020-29505 331 2022-07-11 2022-07-25
5.0
None Remote Low Not required Partial None None
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.
27 CVE-2020-29498 601 2021-01-04 2021-01-06
5.8
None Remote Medium Not required Partial Partial None
Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
28 CVE-2020-29494 22 Dir. Trav. 2021-01-14 2021-01-21
5.5
None Remote Low ??? None Partial Partial
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.
29 CVE-2020-26195 755 2021-02-09 2021-02-12
5.0
None Remote Low Not required None None Partial
Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.
30 CVE-2020-26185 125 2022-06-01 2022-07-25
5.0
None Remote Low Not required None None Partial
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.
31 CVE-2020-26184 295 2022-06-01 2022-07-25
5.0
None Remote Low Not required Partial None None
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.
32 CVE-2020-5386 668 2020-09-02 2020-09-11
5.0
None Remote Low Not required Partial None None
Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.
33 CVE-2020-5383 119 Overflow 2020-08-27 2020-09-04
5.0
None Remote Low Not required None None Partial
Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.
34 CVE-2020-5374 798 2020-07-14 2020-07-21
5.0
None Remote Low Not required Partial None None
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices.
35 CVE-2020-5373 306 2020-07-14 2020-07-21
5.0
None Remote Low Not required Partial None None
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.
36 CVE-2020-5365 330 2020-05-20 2020-05-21
5.0
None Remote Low Not required Partial None None
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.
37 CVE-2020-5364 200 +Info 2020-05-20 2020-05-21
5.0
None Remote Low Not required Partial None None
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 service is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.
38 CVE-2020-5360 125 2020-12-16 2021-12-09
5.0
None Remote Low Not required None None Partial
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.
39 CVE-2020-5359 252 2020-12-16 2021-12-09
5.0
None Remote Low Not required None Partial None
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.
40 CVE-2020-5351 798 +Priv 2021-07-28 2021-08-06
5.0
None Remote Low Not required Partial None None
Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privileges.
41 CVE-2020-5347 400 DoS 2020-04-04 2020-04-06
5.0
None Remote Low Not required None None Partial
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
42 CVE-2020-5345 862 Exec Code Bypass 2020-06-23 2020-07-02
5.5
None Remote Low ??? None Partial Partial
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.
43 CVE-2020-5329 601 2021-07-29 2021-08-06
5.8
None Remote Medium Not required Partial Partial None
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
44 CVE-2020-5323 74 +Priv 2021-07-19 2022-07-15
5.5
None Remote Low ??? Partial None Partial
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to gain access to sensitive information or cause denial-of-service.
45 CVE-2020-5321 20 2021-07-19 2021-07-29
5.5
None Remote Low ??? None Partial Partial
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to spawn tasks with elevated privileges.
46 CVE-2020-5318 863 2020-02-06 2020-02-11
5.0
None Remote Low Not required Partial None None
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.
47 CVE-2019-3765 732 2019-10-09 2019-10-17
5.5
None Remote Low ??? Partial Partial None
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.
48 CVE-2019-3762 295 2020-03-18 2020-03-27
5.0
None Remote Low Not required None Partial None
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.
49 CVE-2019-3759 94 2019-09-11 2020-08-31
5.5
None Remote Low ??? Partial Partial None
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.
50 CVE-2019-3751 295 2019-09-03 2020-02-10
5.8
None Remote Medium Not required Partial Partial None
Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.
Total number of vulnerabilities: 102. Page 1 of 3.