Dell
Products by Dell Sorted by Most Security Vulnerabilities since 2018
Known Exploited Dell Vulnerabilities
The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Dell dbutil Driver Insufficient Access Control Vulnerability | Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. CVE-2021-21551 | March 31, 2022 |
By the Year
In 2023 there have been 150 vulnerabilities in Dell products with an average score of 6.9 out of ten. Last year Dell had 124 security vulnerabilities published. That is, 26 more vulnerabilities have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 0.27.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 150 | 6.95 |
2022 | 124 | 7.21 |
2021 | 139 | 6.93 |
2020 | 34 | 7.38 |
2019 | 52 | 7.34 |
2018 | 57 | 7.21 |
It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Dell Security Vulnerabilities
Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability
CVE-2023-39256
7.8 - High
- December 02, 2023
Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system.
Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability
CVE-2023-39257
7.8 - High
- December 02, 2023
Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.
Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder
CVE-2023-43089
3.3 - Low
- December 01, 2023
Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability
CVE-2023-39253
7.8 - High
- November 23, 2023
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability
CVE-2023-43086
7.8 - High
- November 23, 2023
Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.
Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability
CVE-2023-44289
7.8 - High
- November 23, 2023
Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.
Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability
CVE-2023-44290
7.8 - High
- November 23, 2023
Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component
CVE-2023-43082
5.9 - Medium
- November 22, 2023
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.
Improper Certificate Validation
PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component
CVE-2023-43081
3.3 - Low
- November 22, 2023
PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files.
Incorrect Default Permissions
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module
CVE-2023-44282
7.8 - High
- November 16, 2023
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.
Improper Privilege Management
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module
CVE-2023-44292
7.8 - High
- November 16, 2023
Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.
Improper Privilege Management
Dell Encryption
CVE-2023-39246
7.3 - High
- November 16, 2023
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation.
insecure temporary file
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability
CVE-2023-39259
7.8 - High
- November 16, 2023
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability
CVE-2023-44296
5.5 - Medium
- November 16, 2023
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.
Use of Hard-coded Credentials
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains a denial-of-service vulnerability
CVE-2023-43076
6.5 - Medium
- November 02, 2023
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition.
Memory Leak
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions
CVE-2023-43087
6.5 - Medium
- November 02, 2023
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.
Improper Handling of Exceptional Conditions
Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability
CVE-2023-43066
7.8 - High
- October 23, 2023
Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.
Shell injection
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability
CVE-2023-43067
6.5 - Medium
- October 23, 2023
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.
XXE
Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability
CVE-2023-43065
5.4 - Medium
- October 23, 2023
Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.
XSS
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability
CVE-2023-43074
7.5 - High
- October 23, 2023
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.
Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability
CVE-2023-43079
7.8 - High
- October 13, 2023
Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.
Authorization
Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability
CVE-2023-32485
9.8 - Critical
- October 05, 2023
Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.
Improper Input Validation
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the more command
CVE-2023-4401
8.8 - High
- October 05, 2023
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the more command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.
Shell injection
Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration
CVE-2023-43073
6.5 - Medium
- October 05, 2023
Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.
Improper Input Validation
Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI
CVE-2023-43072
7.8 - High
- October 05, 2023
Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local, possibly unauthenticated attacker could potentially exploit this vulnerability, leading to the ability to execute arbitrary shell commands.
Authorization
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CSV formula injection
CVE-2023-43071
5.4 - Medium
- October 05, 2023
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CSV formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection-type attacks.
CSV Injection
Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface
CVE-2023-43070
6.5 - Medium
- October 05, 2023
Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to the modification or writing of arbitrary files to arbitrary locations in the license container.
Directory traversal
Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI
CVE-2023-43069
7.8 - High
- October 05, 2023
Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.
Shell injection
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH
CVE-2023-43068
8.8 - High
- October 05, 2023
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands.
Shell injection
Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability
CVE-2023-32477
7.8 - High
- September 29, 2023
Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.
Authorization
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability
CVE-2023-4129
7.5 - High
- September 27, 2023
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.
Inadequate Encryption Strength
Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client
CVE-2023-28055
8.8 - High
- September 27, 2023
Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command, leading to complete access to the server file and further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.
AuthZ
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability
CVE-2023-39252
5.9 - Medium
- September 21, 2023
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks to obtain sensitive information.
Use of a Broken or Risky Cryptographic Algorithm
SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability
CVE-2023-3039
7.8 - High
- September 12, 2023
SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.
Authorization
Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability
CVE-2023-32470
5.5 - Medium
- September 08, 2023
Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder, leading to a permanent Denial of Service (DoS).
1386
Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability
CVE-2023-28072
7.8 - High
- September 04, 2023
Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system.
Marshaling, Unmarshaling
Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability
CVE-2023-32457
8.8 - High
- August 29, 2023
Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.
Improper Privilege Management
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability
CVE-2023-39250
5.5 - Medium
- August 16, 2023
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.
Inclusion of Sensitive Information in Source Code
Dell PowerScale OneFS 9.5.x versions contain a privilege escalation vulnerability
CVE-2023-32486
7.8 - High
- August 16, 2023
Dell PowerScale OneFS 9.5.x versions contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges.
Dell PowerScale OneFS, 8.2.x-9.5.x, contains an exposure of sensitive information to an unauthorized actor vulnerability
CVE-2023-32495
7.8 - High
- August 16, 2023
Dell PowerScale OneFS, 8.2.x-9.5.x, contains an exposure of sensitive information to an unauthorized actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.
Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability
CVE-2023-32493
9.8 - Critical
- August 16, 2023
Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.
Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability
CVE-2023-32492
7.1 - High
- August 16, 2023
Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files.
Incorrect Default Permissions
Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3
CVE-2023-32491
6.5 - Medium
- August 16, 2023
Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure.
Insertion of Sensitive Information into Log File
Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability
CVE-2023-32490
6.7 - Medium
- August 16, 2023
Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover.
Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability
CVE-2023-32489
6.7 - Medium
- August 16, 2023
Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges.
Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS
CVE-2023-32488
4.3 - Medium
- August 16, 2023
Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability
CVE-2023-32487
7.8 - High
- August 16, 2023
Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure.
Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability
CVE-2023-32494
6.7 - Medium
- August 16, 2023
Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege; compliance mode is also affected.
Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability
CVE-2023-32450
7.8 - High
- July 27, 2023
Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.
Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability
CVE-2023-32468
4.9 - Medium
- July 26, 2023
Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data.
Insertion of Sensitive Information into Log File
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability
CVE-2023-32478
4.9 - Medium
- July 21, 2023
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.
Insertion of Sensitive Information into Log File
Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability
CVE-2023-32476
5.5 - Medium
- July 20, 2023
Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files.
Information Disclosure
Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability
CVE-2023-32483
4.4 - Medium
- July 20, 2023
Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files.
Cleartext Storage of Sensitive Information
Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability
CVE-2023-32482
4.9 - Medium
- July 20, 2023
Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.
AuthZ
Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability
CVE-2023-32481
6.5 - Medium
- July 20, 2023
Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to the system.
Allocation of Resources Without Limits or Throttling
Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability
CVE-2023-32465
8.8 - High
- June 14, 2023
Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.
Improper Neutralization of HTTP Headers for Scripting Syntax
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path
CVE-2023-28043
6.5 - Medium
- June 01, 2023
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
Use of a Broken or Risky Cryptographic Algorithm
Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability
CVE-2023-28066
7.8 - High
- June 01, 2023
Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.
Authorization
Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates
CVE-2023-24568
4.3 - Medium
- May 30, 2023
Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.
Improper Validation of Certificate with Host Mismatch
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability
CVE-2023-28079
7.8 - High
- May 30, 2023
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
Incorrect Default Permissions
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities
CVE-2023-28080
7.3 - High
- May 30, 2023
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
DLL preloading
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability
CVE-2023-32448
5.5 - Medium
- May 30, 2023
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.
Cleartext Storage of Sensitive Information
Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility
CVE-2023-23693
8.2 - High
- May 23, 2023
Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Shell injection
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager
CVE-2023-23694
7.8 - High
- May 23, 2023
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Shell injection
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability
CVE-2023-28045
7.1 - High
- May 19, 2023
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.
Missing Encryption of Sensitive Data
CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability
CVE-2023-28076
7.5 - High
- May 16, 2023
CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.
Use of a Broken or Risky Cryptographic Algorithm
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability
CVE-2023-28068
7.8 - High
- May 05, 2023
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability, leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path.
Incorrect Permission Assignment for Critical Resource
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability
CVE-2023-25934
7.5 - High
- May 04, 2023
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.
Improper Verification of Cryptographic Signature
Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability
CVE-2023-28070
7.8 - High
- May 03, 2023
Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.
Authorization
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation
CVE-2023-28047
7.8 - High
- April 20, 2023
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.
Least Privilege Violation
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability
CVE-2023-28062
8.8 - High
- April 11, 2023
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions.
Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability
CVE-2023-28051
7.8 - High
- April 07, 2023
Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.
Dell Display Manager
CVE-2023-28046
7.1 - High
- April 06, 2023
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation. A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.
Least Privilege Violation
Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability
CVE-2023-25542
7.8 - High
- April 06, 2023
Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.
Incorrect Default Permissions
Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability
CVE-2023-28069
5.4 - Medium
- April 05, 2023
Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. A remote unauthenticated attacker can phish a legitimate user into being redirected to a malicious website, leading to information disclosure and the launch of phishing attacks.
Open Redirect
Dell PowerScale OneFS version 9.5.0.0 contains an improper link resolution before file access vulnerability in isi_gather_info
CVE-2023-25940
7.8 - High
- April 04, 2023
Dell PowerScale OneFS version 9.5.0.0 contains an improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and breaking the compliance mode guarantees.
insecure temporary file
Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability
CVE-2023-25941
7.8 - High
- April 04, 2023
Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.
Incorrect Default Permissions
Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability
CVE-2023-25942
6.5 - Medium
- April 04, 2023
Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.
Improper Control of a Resource Through its Lifetime
Dell EMC Unisphere for PowerMax versions before 9.1.0.27
CVE-2021-21548
7.4 - High
- March 17, 2023
Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify the victim's data in transit.
Improper Certificate Validation
Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor
CVE-2023-25536
6.7 - Medium
- March 02, 2023
Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.
Exposure of Resource to Wrong Sphere
Dell NetWorker versions 19.5 and earlier contain an 'Apache Tomcat' version disclosure vulnerability
CVE-2023-25544
6.5 - Medium
- March 01, 2023
Dell NetWorker versions 19.5 and earlier contain an 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and launch target-specific attacks.
Exposure of Resource to Wrong Sphere
Dell NetWorker versions 19.5 and earlier contain a 'RabbitMQ' version disclosure vulnerability
CVE-2023-24567
6.5 - Medium
- March 01, 2023
Dell NetWorker versions 19.5 and earlier contain a 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and launch target-specific attacks.
Exposure of Resource to Wrong Sphere
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability
CVE-2023-25540
7.1 - High
- February 28, 2023
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.
Incorrect Default Permissions
Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability
CVE-2023-24575
7.8 - High
- February 21, 2023
Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system.
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability
CVE-2023-23695
5.9 - Medium
- February 17, 2023
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks, allowing the attacker to obtain sensitive information.
Use of a Broken or Risky Cryptographic Algorithm
Dell EMC Unity versions before 5.2.0.0.5.173 use a broken cryptographic algorithm
CVE-2022-22564
5.9 - Medium
- February 14, 2023
Dell EMC Unity versions before 5.2.0.0.5.173 use a broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks, allowing the attacker to obtain sensitive information.
Use of a Broken or Risky Cryptographic Algorithm
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability
CVE-2022-34397
5.7 - Medium
- February 13, 2023
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contain an authorization bypass vulnerability, allowing users to perform actions for which they are not authorized.
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation
CVE-2023-23697
3.3 - Low
- February 13, 2023
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
insecure temporary file
Dell Command | Integration Suite for System Center
CVE-2023-24572
3.3 - Low
- February 13, 2023
Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
insecure temporary file
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains an OS Command Injection vulnerability
CVE-2022-34447
7.2 - High
- February 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains an OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user.
Shell injection
PowerPath Management Appliance with versions 3.3 & 3.2* contains an Authorization Bypass vulnerability
CVE-2022-34446
8.1 - High
- February 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2* contains an Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., the Monitoring role) can exploit this issue to gain access to sensitive information and modify the configuration.
Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability
CVE-2022-46675
5.3 - Medium
- February 11, 2023
Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. An unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research.
Generation of Error Message Containing Sensitive Information
Wyse Management Suite 3.8 and below contain an improper access control vulnerability
CVE-2022-46676
4.9 - Medium
- February 11, 2023
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized.
Wyse Management Suite 3.8 and below contain an improper access control vulnerability with
CVE-2022-46677
4.9 - Medium
- February 11, 2023
Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which a custom group admin can create a subgroup under a group for which the admin is not authorized.
Wyse Management Suite 3.8 and below contain an improper access control vulnerability
CVE-2022-46678
4.9 - Medium
- February 11, 2023
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit the general client policy for which the user is not authorized.
Wyse Management Suite 3.8 and below contain an improper access control vulnerability
CVE-2022-46754
6.5 - Medium
- February 11, 2023
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user-controlled external entities.
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability
CVE-2022-34451
4.8 - Medium
- February 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting vulnerability. An authenticated admin user could potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly sending arbitrary requests to the server.
XSS
PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability
CVE-2022-34449
6 - Medium
- February 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue, leading to viewing and modifying sensitive information stored in the application.
Use of Hard-coded Credentials
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability
CVE-2022-34448
8.8 - High
- February 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions.
Session Riding
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability
CVE-2022-45104
8.8 - High
- February 11, 2023
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execution of arbitrary commands on the underlying system.
Shell injection