Dell Dell

  1. Vendors
  2. Dell

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Dell product.

RSS Feeds for Dell security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Dell products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Dell Sorted by Most Security Vulnerabilities since 2018

Dell Emc Powerscale Onefs75 vulnerabilities

Dell Powerscale Onefs61 vulnerabilities

Dell Wyse Management Suite36 vulnerabilities

Dell Bsafe Micro Edition Suite27 vulnerabilities

Dell Unity Operating Environment26 vulnerabilities

Dell Secure Connect Gateway25 vulnerabilities

Dell Supportassist For Home Pcs23 vulnerabilities

Dell Bsafe Crypto C Micro Edition19 vulnerabilities

Dell Bsafe Ssl J18 vulnerabilities

Dell Emc Networker17 vulnerabilities

Dell Supportassist For Business Pcs16 vulnerabilities

Dell Emc Unity Operating Environment16 vulnerabilities

Dell Smartfabric Os1016 vulnerabilities

Dell Solutions Enabler Virtual Appliance15 vulnerabilities

Dell Unisphere Powermax Virtual Appliance15 vulnerabilities

Dell Data Domain Operating System15 vulnerabilities

Dell Powermax Os14 vulnerabilities

Dell Policy Manager Secure Connect Gateway12 vulnerabilities

Dell Emc Unityvsa Operating Environment12 vulnerabilities

Dell Openmanage Enterprise11 vulnerabilities

Dell Unityvsa Operating Environment10 vulnerabilities

Dell Unity Xt Operating Environment10 vulnerabilities

Dell Command Update10 vulnerabilities

Dell Recoverpoint Virtual Machines10 vulnerabilities

Dell Hybrid Client10 vulnerabilities

Dell Bsafe Crypto J9 vulnerabilities

Dell Emc Unity Xt Operating Environment9 vulnerabilities

Dell Smartfabric Storage Software9 vulnerabilities

Dell Networking Os109 vulnerabilities

Dell Cloudlink8 vulnerabilities

Dell Powerpath Management Appliance8 vulnerabilities

Dell Enterprise Sonic Distribution7 vulnerabilities

Dell Alienware Update7 vulnerabilities

Dell Powerprotect Data Manager7 vulnerabilities

Dell Digital Delivery7 vulnerabilities

Dell Elastic Cloud Storage7 vulnerabilities

Dell Insightiq7 vulnerabilities

Dell Alienware Command Center6 vulnerabilities

Dell Endpoint Security Suite Enterprise6 vulnerabilities

Dell Openmanage Server Administrator6 vulnerabilities

Dell Display Manager6 vulnerabilities

Dell Emc Appsync6 vulnerabilities

Dell Emc Idrac Service Module6 vulnerabilities

Dell Emc Openmanage Server Administrator6 vulnerabilities

Dell Update6 vulnerabilities

Dell Power Manager5 vulnerabilities

Dell Thinos5 vulnerabilities

Dell Emc Unisphere For Powermax5 vulnerabilities

Dell Powerstoreos5 vulnerabilities

Dell Encryption5 vulnerabilities

Dell Emc Data Protection Central5 vulnerabilities

Dell Repository Manager5 vulnerabilities

Dell Networker5 vulnerabilities

Dell Solutions Enabler5 vulnerabilities

Dell Avamar Server4 vulnerabilities

Dell Unisphere 3604 vulnerabilities

Dell Rugged Control Center4 vulnerabilities

Dell Commandconfigure4 vulnerabilities

Dell Storage Manager4 vulnerabilities

Dell Peripheral Manager4 vulnerabilities

Dell Enterprise Sonic Os4 vulnerabilities

Dell Emc Solutions Enabler Virtual Appliance4 vulnerabilities

Dell Emc Secure Connect Gateway Policy Manager4 vulnerabilities

Dell Command Monitor3 vulnerabilities

Dell Data Lakehouse3 vulnerabilities

Dell Os Recovery Tool3 vulnerabilities

Dell Supportassist3 vulnerabilities

Dell Evasa Provider Virtual Appliance3 vulnerabilities

Dell Grab3 vulnerabilities

Known Exploited Dell Vulnerabilities

The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Dell dbutil Driver Insufficient Access Control Vulnerability Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure.
CVE-2021-21551 Exploit Probability: 60.5% 		March 31, 2022

The vulnerability CVE-2021-21551: Dell dbutil Driver Insufficient Access Control Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 33 vulnerabilities in Dell with an average score of 6.4 out of ten. Last year, in 2024 Dell had 218 security vulnerabilities published. Right now, Dell is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.64




Year Vulnerabilities Average Score
2025 33 6.44
2024 218 7.08
2023 163 6.95
2022 124 7.21
2021 139 6.93
2020 34 7.38
2019 52 7.34
2018 57 7.21

It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Dell Security Vulnerabilities

Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability

CVE-2025-32752 4.6 - Medium - May 29, 2025

Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

Cleartext Storage of Sensitive Information

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file

CVE-2025-36572 - May 28, 2025

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.

Use of Hard-coded Credentials

Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability

CVE-2025-30101 6.3 - Medium - May 08, 2025

Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service and information tampering.

TOCTTOU

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability

CVE-2025-30102 5.5 - Medium - May 08, 2025

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

Memory Corruption

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability

CVE-2025-22477 8.8 - High - May 06, 2025

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

authentification

Dell Storage Center - Dell Storage Manager

CVE-2025-22478 8.1 - High - May 06, 2025

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.

XXE

Dell Storage Center - Dell Storage Manager

CVE-2025-22479 4.3 - Medium - May 06, 2025

Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

Directory traversal

Dell Storage Center - Dell Storage Manager

CVE-2025-23379 5.2 - Medium - May 06, 2025

Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

XSS

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability

CVE-2025-23375 7.8 - High - April 28, 2025

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Incorrect Use of Privileged APIs

Dell PowerProtect Data Manager Reporting

CVE-2025-23376 4.4 - Medium - April 28, 2025

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Code Injection

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability

CVE-2025-23377 3.4 - Low - April 28, 2025

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs.

Output Sanitization

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting

CVE-2025-26475 5.5 - Medium - March 19, 2025

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active.

authentification

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS

CVE-2025-23382 5.8 - Medium - March 19, 2025

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.c

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Dell ThinOS 2408 and prior, contains an improper permissions vulnerability

CVE-2025-27688 - March 18, 2025

Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Incorrect Permission Assignment for Critical Resource

Dell SmartFabric OS10 Software

CVE-2024-49561 7.8 - High - March 17, 2025

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Incorrect Privilege Assignment

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability

CVE-2024-49559 8.8 - High - March 17, 2025

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

1393

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability

CVE-2025-26331 - March 07, 2025

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Command Injection

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability

CVE-2025-22480 7.8 - High - February 13, 2025

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.

insecure temporary file

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability

CVE-2024-29171 7.5 - High - February 12, 2025

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure.

Improper Certificate Validation

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability

CVE-2024-29172 7.5 - High - February 12, 2025

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.

Improper Locking

Dell Update Manager Plugin

CVE-2025-22402 5.4 - Medium - February 07, 2025

Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Basic XSS

Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI

CVE-2025-21117 5.5 - Medium - February 05, 2025

Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user.

Operation on a Resource after Expiration or Release

Dell PowerProtect DD

CVE-2025-22475 7.5 - High - February 04, 2025

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.

Use of a Broken or Risky Cryptographic Algorithm

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability

CVE-2024-53295 7.8 - High - February 01, 2025

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

Insufficient Granularity of Access Control

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability

CVE-2024-51534 7.1 - High - February 01, 2025

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.

Directory traversal

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI

CVE-2024-53296 4.9 - Medium - February 01, 2025

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

Memory Corruption

Dell NetWorker

CVE-2025-21107 7.8 - High - January 30, 2025

Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Unquoted Search Path or Element

Dell Networking Switches running Enterprise SONiC OS

CVE-2025-23374 4.9 - Medium - January 30, 2025

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Insertion of Sensitive Information into Log File

Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

CVE-2025-22394 7 - High - January 15, 2025

Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation.

TOCTTOU

Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability

CVE-2025-21101 6.3 - Medium - January 15, 2025

Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.

Race Condition

Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability

CVE-2024-47239 6.5 - Medium - January 08, 2025

Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

Resource Exhaustion

Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability

CVE-2025-22395 7.8 - High - January 07, 2025

Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.

Improper Handling of Insufficient Permissions or Privileges

Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability

CVE-2024-47475 5.5 - Medium - January 06, 2025

Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Incorrect Permission Assignment for Critical Resource

Dell ECS Arithmetic Overflow Vulnerability in Retention Period Handling

CVE-2024-51540 6.5 - Medium - December 26, 2024

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects.

Integer Overflow or Wraparound

Dell ECS Authentication Bypass by Capture-replay Vulnerability

CVE-2024-52534 5.4 - Medium - December 25, 2024

Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.

Authentication Bypass by Capture-replay

Dell NativeEdge Insecure Temporary File Creation Vulnerability

CVE-2024-52543 4.4 - Medium - December 25, 2024

Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Exposure of Resource to Wrong Sphere

Dell SupportAssist Symlink Attack Vulnerability in Software Remediation Component

CVE-2024-52535 8.8 - High - December 25, 2024

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.

insecure temporary file

Dell NativeEdge Exposure of Sensitive Information Through Metadata Vulnerability

CVE-2024-53291 7.5 - High - December 25, 2024

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Exposure of Sensitive Information Through Metadata

Dell NativeEdge Privilege Escalation Vulnerability

CVE-2024-47978 7.8 - High - December 25, 2024

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Execution with Unnecessary Privileges

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability

CVE-2024-51532 7.1 - High - December 19, 2024

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

Argument Injection

Dell Inventory Collector Client Improper Link Resolution Vulnerability

CVE-2024-47480 7.8 - High - December 18, 2024

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.

insecure temporary file

Dell AppSync Symbolic Link Following Vulnerability

CVE-2024-52542 5.5 - Medium - December 17, 2024

Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.

insecure temporary file

Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability

CVE-2024-24902 5.5 - Medium - December 13, 2024

Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time.

Authorization

Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH

CVE-2024-28980 9.8 - Critical - December 13, 2024

Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

Use of a Broken or Risky Cryptographic Algorithm

Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability

CVE-2024-47984 6.5 - Medium - December 13, 2024

Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state.

Improper Filtering of Special Elements

Dell RecoverPoint for Virtual Machines Hard-Coded Credentials Vulnerability

CVE-2024-48007 9.8 - Critical - December 13, 2024

Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.

Use of Hard-coded Credentials

Dell RecoverPoint for Virtual Machines OS Command Injection Vulnerability

CVE-2024-22461 8.8 - High - December 13, 2024

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.

Shell injection

Dell RecoverPoint for Virtual Machines OS Command Injection Vulnerability

CVE-2024-48008 6.5 - Medium - December 13, 2024

Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information

Shell injection

Dell RecoverPoint for VMs Authentication Bypass Vulnerability

CVE-2024-38488 9.8 - Critical - December 13, 2024

Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. This allows attackers to brute-force the password of valid users in an automated manner.

Improper Restriction of Excessive Authentication Attempts

Dell ThinOS TOCTOU Race Condition Vulnerability

CVE-2024-53289 7 - High - December 11, 2024

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

TOCTTOU

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.