Dell : Security Vulnerabilities CVSS score >= 9
Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.
Max Base Score | 9.8 |
Published | 2023-08-16 |
Updated | 2023-08-22 |
EPSS | 0.20% |
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.
Max Base Score | 9.0 |
Published | 2023-07-21 |
Updated | 2023-07-31 |
EPSS | 0.05% |
Dell NetWorker 19.6.1.2 contains an OS command injection vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability because exploitation allows an attacker to take complete control of a system, so Dell recommends that customers upgrade at the earliest opportunity.
Max Base Score | 9.8 |
Published | 2023-05-31 |
Updated | 2023-06-07 |
EPSS | 0.18% |
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used.
Max Base Score | 9.8 |
Published | 2023-02-03 |
Updated | 2023-02-24 |
EPSS | 0.27% |
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution.
Max Base Score | 9.8 |
Published | 2023-02-01 |
Updated | 2023-02-08 |
EPSS | 0.20% |
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system.
Max Base Score | 9.8 |
Published | 2023-02-01 |
Updated | 2023-02-08 |
EPSS | 0.12% |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain LDAP user privileges.
Max Base Score | 9.8 |
Published | 2023-01-18 |
Updated | 2023-01-25 |
EPSS | 0.09% |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain admin privileges.
Max Base Score | 9.8 |
Published | 2023-01-11 |
Updated | 2023-01-19 |
EPSS | 0.09% |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain admin privileges.
Max Base Score | 9.8 |
Published | 2023-01-11 |
Updated | 2023-01-19 |
EPSS | 0.09% |
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel vulnerability. A high privileged local attacker may potentially exploit this vulnerability, leading to authentication bypass and access to the CloudLink system console. This is a critical severity vulnerability as it allows an attacker to take control of the system.
Max Base Score | 9.3 |
Published | 2022-09-01 |
Updated | 2022-09-07 |
EPSS | 0.04% |
Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.
Max Base Score | 9.8 |
Published | 2022-09-01 |
Updated | 2022-09-07 |
EPSS | 0.34% |
Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API, leading to an authentication bypass. The attacker may potentially alter the docker images, leading to a loss of integrity and confidentiality.
Max Base Score | 9.8 |
Published | 2022-09-01 |
Updated | 2022-09-07 |
EPSS | 0.16% |
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise.
Max Base Score | 9.8 |
Published | 2022-09-02 |
Updated | 2022-09-08 |
EPSS | 0.17% |
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX, contains an RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue, so Dell recommends that customers upgrade at the earliest opportunity.
Max Base Score | 10.0 |
Published | 2022-07-07 |
Updated | 2022-07-15 |
EPSS | 0.17% |
Dell EMC PowerStore contains an Improper Restriction of Excessive Authentication Attempts vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.
Max Base Score | 9.8 |
Published | 2022-07-21 |
Updated | 2022-07-30 |
EPSS | 0.26% |
SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
Max Base Score | 9.8 |
Published | 2022-08-30 |
Updated | 2022-09-08 |
EPSS | 0.23% |
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain a broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.
Max Base Score | 10.0 |
Published | 2022-06-28 |
Updated | 2022-07-11 |
EPSS | 0.17% |
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.
Max Base Score | 9.6 |
Published | 2022-06-28 |
Updated | 2022-07-09 |
EPSS | 0.06% |
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.
Max Base Score | 9.8 |
Published | 2022-10-12 |
Updated | 2022-10-14 |
EPSS | 0.16% |
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system.
Max Base Score | 9.6 |
Published | 2022-06-10 |
Updated | 2022-06-17 |
EPSS | 0.25% |
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
Max Base Score | 10.0 |
Published | 2022-06-02 |
Updated | 2022-06-13 |
EPSS | 0.26% |
Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.
Max Base Score | 9.8 |
Published | 2022-10-21 |
Updated | 2022-10-24 |
EPSS | 0.21% |
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.
Max Base Score | 9.8 |
Published | 2022-06-02 |
Updated | 2022-06-13 |
EPSS | 0.31% |
Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.
Max Base Score | 9.0 |
Published | 2022-05-26 |
Updated | 2023-06-28 |
EPSS | 0.16% |
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.
Max Base Score | 10.0 |
Published | 2022-04-08 |
Updated | 2022-04-14 |
EPSS | 0.19% |