| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-33936 |
|
|
|
2022-07-07 |
2022-07-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity. |
|
2 |
CVE-2022-31230 |
327 |
|
|
2022-06-28 |
2022-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. |
|
3 |
CVE-2022-29084 |
307 |
|
|
2022-06-02 |
2022-06-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. |
|
4 |
CVE-2022-26854 |
327 |
|
|
2022-04-08 |
2022-04-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access |
|
5 |
CVE-2022-24422 |
287 |
|
|
2022-05-26 |
2022-06-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console. |
|
6 |
CVE-2022-23155 |
434 |
|
Exec Code |
2022-04-01 |
2022-04-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. |
|
7 |
CVE-2021-36313 |
78 |
|
Exec Code |
2021-11-23 |
2021-11-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. |
|
8 |
CVE-2021-36308 |
287 |
|
Bypass |
2021-11-20 |
2022-04-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. |
|
9 |
CVE-2021-36306 |
287 |
|
Bypass |
2021-11-20 |
2021-11-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. |
|
10 |
CVE-2021-21585 |
78 |
|
Exec Code |
2021-08-09 |
2021-08-13 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. |
|
11 |
CVE-2021-21524 |
502 |
|
Exec Code |
2021-04-12 |
2021-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers. |
|
12 |
CVE-2020-29495 |
78 |
|
Exec Code |
2021-01-14 |
2021-01-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. |
|
13 |
CVE-2020-5353 |
276 |
|
|
2021-07-29 |
2021-08-06 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system. |
|
14 |
CVE-2020-5352 |
78 |
|
Exec Code |
2020-07-06 |
2020-07-13 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system. |
|
15 |
CVE-2020-5350 |
78 |
|
Exec Code |
2020-04-15 |
2020-04-23 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component. |
|
16 |
CVE-2020-5349 |
798 |
|
+Priv |
2021-07-19 |
2021-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnerability and gain administrative privileges. |
|
17 |
CVE-2020-5341 |
502 |
|
Exec Code |
2021-07-28 |
2021-08-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system. |
|
18 |
CVE-2020-5328 |
306 |
|
|
2020-03-06 |
2020-03-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. |
|
19 |
CVE-2020-5327 |
502 |
|
Exec Code |
2020-03-06 |
2020-03-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. |
|
20 |
CVE-2020-5322 |
78 |
|
Exec Code |
2021-07-19 |
2021-07-29 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system. |
|
21 |
CVE-2019-18582 |
94 |
|
Exec Code |
2020-03-18 |
2020-03-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system. |
|
22 |
CVE-2019-18581 |
862 |
|
Exec Code |
2020-03-18 |
2020-03-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system. |
|
23 |
CVE-2019-18580 |
502 |
|
Exec Code |
2019-11-26 |
2019-12-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. |
|
24 |
CVE-2019-3709 |
79 |
|
Exec Code XSS |
2019-04-17 |
2019-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. |
|
25 |
CVE-2019-3708 |
79 |
|
Exec Code XSS |
2019-04-17 |
2019-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. |
|
26 |
CVE-2019-3707 |
|
|
Bypass |
2019-04-26 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface. |
|
27 |
CVE-2019-3706 |
|
|
Bypass |
2019-04-26 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface. |
|
28 |
CVE-2019-3705 |
787 |
|
Exec Code Overflow |
2019-04-26 |
2020-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. |
|
29 |
CVE-2018-15767 |
863 |
|
|
2018-11-30 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. |
|
30 |
CVE-2018-11066 |
|
|
Exec Code |
2018-11-26 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. |
|
31 |
CVE-2018-11062 |
798 |
|
+Priv |
2018-11-02 |
2019-01-30 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files. |
|
32 |
CVE-2018-1239 |
78 |
|
Exec Code |
2018-05-08 |
2019-01-07 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. |
|
33 |
CVE-2018-1216 |
798 |
|
|
2018-03-08 |
2018-03-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface. |
|
34 |
CVE-2018-1215 |
434 |
|
|
2018-03-08 |
2018-03-29 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability. |
|
35 |
CVE-2018-1212 |
77 |
|
Exec Code |
2018-07-02 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system. |
|
36 |
CVE-2017-14375 |
290 |
|
Bypass |
2017-11-01 |
2021-08-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. |
|
37 |
CVE-2017-8023 |
287 |
|
Exec Code |
2019-04-01 |
2019-04-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. |
|
38 |
CVE-2017-8021 |
1188 |
|
|
2017-10-03 |
2020-08-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. |
|
39 |
CVE-2017-8011 |
798 |
|
|
2017-07-17 |
2021-09-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system. |
|
40 |
CVE-2017-4997 |
20 |
|
Exec Code |
2017-06-29 |
2021-09-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
|
41 |
CVE-2016-9684 |
77 |
|
|
2017-02-22 |
2018-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. |
|
42 |
CVE-2016-9683 |
77 |
|
|
2017-02-22 |
2018-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195. |
|
43 |
CVE-2016-9682 |
77 |
|
|
2017-02-22 |
2018-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. |
|
44 |
CVE-2016-6646 |
20 |
|
Exec Code |
2016-10-05 |
2021-08-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class. |
|
45 |
CVE-2016-6645 |
20 |
|
Exec Code |
2016-10-05 |
2021-08-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. |
|
46 |
CVE-2016-0912 |
264 |
|
Bypass |
2016-06-19 |
2020-12-07 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation. |
|
47 |
CVE-2016-0889 |
20 |
|
|
2016-04-15 |
2021-08-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname. |
|
48 |
CVE-2015-4067 |
189 |
|
Exec Code Overflow |
2015-05-29 |
2016-12-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow. |
|
49 |
CVE-2013-4785 |
|
|
|
2013-07-08 |
2013-09-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet." |
|
50 |
CVE-2013-4783 |
287 |
1
|
Exec Code Bypass |
2013-07-08 |
2013-09-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet." |
