ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-01-12
Updated
2024-01-22
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message.
Source: Dell
Max CVSS
6.5
EPSS Score
0.09%
Published
2020-01-03
Updated
2020-01-14
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.
Source: Dell
Max CVSS
6.1
EPSS Score
0.14%
Published
2018-09-28
Updated
2020-03-27
RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
Source: Dell
Max CVSS
6.5
EPSS Score
0.09%
Published
2018-09-28
Updated
2020-03-27
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
Source: Dell
Max CVSS
6.1
EPSS Score
0.07%
Published
2018-07-13
Updated
2019-10-09
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
Source: Dell
Max CVSS
6.1
EPSS Score
0.12%
Published
2018-06-21
Updated
2020-03-27
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
Source: Dell
Max CVSS
6.5
EPSS Score
0.14%
Published
2018-06-21
Updated
2020-03-27
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.
Source: Dell
Max CVSS
6.5
EPSS Score
0.08%
Published
2018-05-29
Updated
2020-08-24
EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users.
Source: Dell
Max CVSS
6.1
EPSS Score
0.13%
Published
2018-03-08
Updated
2018-03-26
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."
Source: Dell
Max CVSS
6.5
EPSS Score
0.07%
Published
2017-12-20
Updated
2019-10-03
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Source: Dell
Max CVSS
6.1
EPSS Score
0.14%
Published
2017-10-31
Updated
2017-11-21
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system.
Source: Dell
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-10-18
Updated
2017-11-07
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Source: Dell
Max CVSS
6.1
EPSS Score
0.14%
Published
2017-10-11
Updated
2017-11-03
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.
Source: Dell
Max CVSS
6.8
EPSS Score
0.35%
Published
2017-07-09
Updated
2017-07-17
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
Source: Dell
Max CVSS
6.1
EPSS Score
0.13%
Published
2017-06-09
Updated
2022-04-29
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred.
Source: Dell
Max CVSS
6.1
EPSS Score
0.15%
Published
2017-07-07
Updated
2017-07-17
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages.
Source: Dell
Max CVSS
6.5
EPSS Score
0.13%
Published
2017-07-07
Updated
2017-07-11
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application.
Source: Dell
Max CVSS
6.5
EPSS Score
0.18%
Published
2017-02-03
Updated
2017-07-25
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
Source: Dell
Max CVSS
6.1
EPSS Score
0.12%
Published
2017-02-03
Updated
2017-07-25
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Source: Dell
Max CVSS
6.1
EPSS Score
0.14%
Published
2017-01-25
Updated
2017-02-11
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.
Source: Dell
Max CVSS
6.7
EPSS Score
0.05%
Published
2017-01-25
Updated
2017-02-11
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Source: Dell
Max CVSS
6.1
EPSS Score
0.13%
Published
2017-01-23
Updated
2017-02-11
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: Dell
Max CVSS
6.1
EPSS Score
0.13%
Published
2016-09-18
Updated
2016-11-28
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.
Source: Dell
Max CVSS
6.1
EPSS Score
0.08%
Published
2016-09-18
Updated
2016-11-28
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.
Source: Dell
Max CVSS
6.9
EPSS Score
0.04%
Published
2016-09-21
Updated
2017-07-30
70 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!