Dell
Products by Dell Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2023 there have been 71 vulnerabilities in Dell with an average score of 6.8 out of ten. Last year Dell had 124 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Dell in 2023 could surpass last year's number. Last year, the average CVE base score was greater by 0.37.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 71 | 6.84 |
2022 | 124 | 7.21 |
2021 | 139 | 6.93 |
2020 | 34 | 7.38 |
2019 | 52 | 7.34 |
2018 | 57 | 7.21 |
It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Dell Security Vulnerabilities
Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor
CVE-2023-25536
6.7 - Medium
- March 02, 2023
Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.
Exposure of Resource to Wrong Sphere
Dell NetWorker versions 19.5 and earlier contain a 'RabbitMQ' version disclosure vulnerability
CVE-2023-24567
6.5 - Medium
- March 01, 2023
Dell NetWorker versions 19.5 and earlier contain a 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.
Exposure of Resource to Wrong Sphere
Dell NetWorker versions 19.5 and earlier contain an 'Apache Tomcat' version disclosure vulnerability
CVE-2023-25544
6.5 - Medium
- March 01, 2023
Dell NetWorker versions 19.5 and earlier contain an 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.
Exposure of Resource to Wrong Sphere
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability
CVE-2023-25540
7.1 - High
- February 28, 2023
Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.
Incorrect Default Permissions
Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability
CVE-2023-24575
7.8 - High
- February 21, 2023
Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system.
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability
CVE-2023-23695
5.9 - Medium
- February 17, 2023
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
Use of a Broken or Risky Cryptographic Algorithm
Dell EMC Unity versions before 5.2.0.0.5.173 use a broken cryptographic algorithm
CVE-2022-22564
5.9 - Medium
- February 14, 2023
Dell EMC Unity versions before 5.2.0.0.5.173 use a broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
Use of a Broken or Risky Cryptographic Algorithm
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability
CVE-2022-34397
5.7 - Medium
- February 13, 2023
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.
AuthZ
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation
CVE-2023-23697
3.3 - Low
- February 13, 2023
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
insecure temporary file
Dell Command | Integration Suite for System Center
CVE-2023-24572
3.3 - Low
- February 13, 2023
Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
insecure temporary file
Dell SupportAssist Client Consumer (version 3.11.1 and prior)
CVE-2022-34384
7.8 - High
- February 11, 2023
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.
Improper Privilege Management
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability
CVE-2022-34385
5.5 - Medium
- February 11, 2023
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.
Inadequate Encryption Strength
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability
CVE-2022-34386
5.5 - Medium
- February 11, 2023
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.
Use of Hard-coded Credentials
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability
CVE-2022-34387
7.8 - High
- February 11, 2023
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.
Exposure of Resource to Wrong Sphere
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain an information disclosure vulnerability
CVE-2022-34388
7.1 - High
- February 11, 2023
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain an information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application.
Cleartext Storage of Sensitive Information
Dell SupportAssist contains a rate limit bypass issue in the ScreenMeet API third-party component
CVE-2022-34389
5.3 - Medium
- February 11, 2023
Dell SupportAssist contains a rate limit bypass issue in the ScreenMeet API third-party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate Dell customer to a Dell support technician.
Improper Restriction of Excessive Authentication Attempts
SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration vulnerability
CVE-2022-34392
5.5 - Medium
- February 11, 2023
SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration vulnerability. An authenticated non-admin user could obtain the refresh token, which allows the access token to be reused to fetch sensitive information.
Insufficient Session Expiration
Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation vulnerability in the data parser module
CVE-2022-34404
6 - Medium
- February 11, 2023
Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation vulnerability in the data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.
Improper Certificate Validation
Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability
CVE-2022-34444
7.5 - High
- February 11, 2023
Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause a data leak.
Use of a Broken or Risky Cryptographic Algorithm
Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password
CVE-2022-34445
4.4 - Medium
- February 11, 2023
Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.
Inadequate Encryption Strength
PowerPath Management Appliance with versions 3.3 & 3.2* contains an Authorization Bypass vulnerability
CVE-2022-34446
8.1 - High
- February 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2* contains an Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.
authentication
Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability
CVE-2022-46675
5.3 - Medium
- February 11, 2023
Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. An unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research.
Generation of Error Message Containing Sensitive Information
Wyse Management Suite 3.8 and below contain an improper access control vulnerability
CVE-2022-46676
4.9 - Medium
- February 11, 2023
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized.
Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which a custom group admin can create a subgroup under a group for which the admin is not authorized
CVE-2022-46677
4.9 - Medium
- February 11, 2023
Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which a custom group admin can create a subgroup under a group for which the admin is not authorized.
Wyse Management Suite 3.8 and below contain an improper access control vulnerability
CVE-2022-46678
4.9 - Medium
- February 11, 2023
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized.
Wyse Management Suite 3.8 and below contain an improper access control vulnerability
CVE-2022-46754
6.5 - Medium
- February 11, 2023
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user-controlled external entities.
Wyse Management Suite 3.8 and below contain an improper access control vulnerability
CVE-2022-46755
4.9 - Medium
- February 11, 2023
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized.
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains an OS Command Injection vulnerability
CVE-2022-34447
7.2 - High
- February 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains an OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user.
Shell injection
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability
CVE-2022-34448
8.8 - High
- February 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions.
Session Riding
PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability
CVE-2022-34449
6 - Medium
- February 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue to view and modify sensitive information stored in the application.
Use of Hard-coded Credentials
PowerPath Management Appliance with version 3.3 contains a Privilege Escalation vulnerability
CVE-2022-34450
6.7 - Medium
- February 11, 2023
PowerPath Management Appliance with version 3.3 contains a Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root.
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability
CVE-2022-34451
4.8 - Medium
- February 11, 2023
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly sending arbitrary requests to the server.
XSS
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability
CVE-2022-45104
8.8 - High
- February 11, 2023
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands on the underlying system.
Shell injection
Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information
CVE-2022-34364
4.4 - Medium
- February 10, 2023
Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information. An attacker could potentially exploit this vulnerability and have access to private information.
Exposure of Resource to Wrong Sphere
Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain an Overly Permissive Cross-domain Whitelist vulnerability
CVE-2022-34366
6.5 - Medium
- February 10, 2023
Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain an Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.
Incorrect Comparison
Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities
CVE-2022-33934
4.8 - Medium
- February 10, 2023
Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields.
XSS
Dell Command | Update
CVE-2023-23698
7.1 - High
- February 10, 2023
Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain an Insecure Operation on Windows Junction vulnerability in the installer component. A local malicious user may potentially exploit this vulnerability, leading to arbitrary file deletion.
Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability
CVE-2023-24569
7.8 - High
- February 10, 2023
Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.
Improper Input Validation
Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation
CVE-2023-24573
7.1 - High
- February 10, 2023
Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains a sensitive information disclosure vulnerability
CVE-2022-34452
2.7 - Low
- February 10, 2023
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains a sensitive information disclosure vulnerability. An authenticated admin user could exploit the issue and view sensitive information stored in the logs.
Exposure of Resource to Wrong Sphere
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow
CVE-2022-34454
6.7 - Medium
- February 10, 2023
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.
Memory Corruption
Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability
CVE-2023-23696
7.8 - High
- February 07, 2023
Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to write arbitrary files to the system.
AuthZ
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used.
CVE-2023-24576
9.8 - Critical
- February 03, 2023
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used.
Code Injection
Dell Enterprise SONiC OS
CVE-2023-24574
7.5 - High
- February 02, 2023
Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in the authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.
Resource Exhaustion
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool
CVE-2023-22573
5.5 - Medium
- February 01, 2023
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure.
Insertion of Sensitive Information into Log File
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module
CVE-2023-22574
8.1 - High
- February 01, 2023
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in the platform API of the IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to information disclosure and denial of service.
Insertion of Sensitive Information into Log File
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog
CVE-2023-22575
8.8 - High
- February 01, 2023
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.
Insertion of Sensitive Information into Log File
Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability
CVE-2023-23692
8.8 - High
- February 01, 2023
Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
Shell injection
Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api
CVE-2023-22572
7.8 - High
- February 01, 2023
Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in the change password API. A low-privileged local attacker could potentially exploit this vulnerability, leading to system takeover.
Insertion of Sensitive Information into Log File
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability
CVE-2022-46756
6.7 - Medium
- February 01, 2023
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system takeover by an attacker.
Exposure of Resource to Wrong Sphere
Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability
CVE-2022-34396
7.8 - High
- February 01, 2023
Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.
DLL preloading
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability
CVE-2022-45102
6.1 - Medium
- February 01, 2023
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary 'Host' header values to poison a web cache or trigger redirections.
Output Sanitization
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability
CVE-2022-45100
9.8 - Critical
- February 01, 2023
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system.
Improper Certificate Validation
Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for an NDMP password
CVE-2022-45099
7.8 - High
- February 01, 2023
Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for an NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise.
Incorrect Default Permissions
Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability
CVE-2022-46679
7.5 - High
- February 01, 2023
Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component
CVE-2022-45098
5.5 - Medium
- February 01, 2023
Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.
Cleartext Storage of Sensitive Information
Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain a User Interface Security Issue
CVE-2022-45096
6.5 - Medium
- February 01, 2023
Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain a User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.
Clickjacking
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS
CVE-2022-45101
9.8 - Critical
- February 01, 2023
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution.
Improper Privilege Management
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability
CVE-2022-45097
8.8 - High
- February 01, 2023
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.
Incorrect Default Permissions
Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability
CVE-2022-45095
6.7 - Medium
- February 01, 2023
Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user with local shell access and the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execution of arbitrary commands, denial of service, information disclosure, and data deletion.
Command Injection
Dell Command | Update
CVE-2022-34459
7.8 - High
- February 01, 2023
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an improper verification of cryptographic signature vulnerability in the get applicable driver component. A local malicious user could potentially exploit this vulnerability, leading to malicious payload execution.
Improper Verification of Cryptographic Signature
Dell Command | Update
CVE-2022-34458
5.5 - Medium
- February 01, 2023
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in the download operation component. A local malicious user could potentially exploit this vulnerability, leading to the disclosure of confidential data.
Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint
CVE-2022-34443
7.8 - High
- February 01, 2023
Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation vulnerability in the Service EndPoint. A local low-privileged attacker could potentially exploit this vulnerability, leading to an escalation of privileges.
Improper Input Validation
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability
CVE-2023-23690
7 - High
- January 19, 2023
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.
Improper Certificate Validation
Dell Unisphere for PowerMax vApp
CVE-2022-45103
6.5 - Medium
- January 18, 2023
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.
Information Disclosure
Dell command configuration, version 4.8 and prior, contains an improper folder permission vulnerability when installed to a non-secured path instead of the default path
CVE-2022-34457
7.8 - High
- January 18, 2023
Dell command configuration, version 4.8 and prior, contains an improper folder permission vulnerability when installed to a non-secured path instead of the default path, which leads to privilege escalation. This is a critical severity vulnerability as it allows a non-admin user to modify the files inside the installed directory and make the application unavailable for all users.
Exposure of Resource to Wrong Sphere
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability
CVE-2022-34442
9.8 - Critical
- January 18, 2023
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system and gain LDAP user privileges.
Use of Hard-coded Credentials
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability
CVE-2022-34462
7.8 - High
- January 18, 2023
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Password Vulnerability. An attacker with knowledge of the hard-coded credentials could potentially exploit this vulnerability to log in to the system and gain admin privileges.
Use of Hard-coded Credentials
Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability
CVE-2022-34456
8.8 - High
- January 18, 2023
Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated non-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.
Code Injection
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability
CVE-2022-34441
9.8 - Critical
- January 11, 2023
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system and gain admin privileges.
Use of Hard-coded Credentials
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability
CVE-2022-34440
9.8 - Critical
- January 11, 2023
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system and gain admin privileges.
Use of Hard-coded Credentials
The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding
CVE-2020-5355
4.3 - Medium
- October 21, 2022
The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.
Incorrect Default Permissions
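The OneFS entry above is a reminder that a restricted shell or ForceCommand does not by itself stop `ssh -L`, `-R`, `-D` or UNIX-socket forwarding; only the sshd keywords AllowTcpForwarding, AllowStreamLocalForwarding, PermitTunnel and X11Forwarding do. The following is an added example, not Dell or OneFS code and not a reproduction of the OneFS sshd configuration: it parses an sshd_config with OpenSSH's Match semantics (a matching Match block overrides the global section, and the first matching block that sets a keyword wins) and reports which forwarding channels a given account still has. The two configurations and the `remotesupport` / `support-*` account names are constructed; Address, Host and LocalPort criteria are not evaluated, and a block using them is treated as not applying so the audit never credits a restriction it cannot prove.

```python
"""Constructed example, not Dell or OneFS code: audit which SSH forwarding
channels a restricted account such as 'remotesupport' keeps, using
OpenSSH's Match-block semantics."""
from fnmatch import fnmatch

# Keyword -> value OpenSSH uses when the keyword is absent.
FORWARDING_KEYS = {
    "allowtcpforwarding": "yes",
    "allowstreamlocalforwarding": "yes",
    "permittunnel": "no",
    "x11forwarding": "no",
}

def parse_sshd_config(text):
    """Return (global_options, [(match_criteria, block_options), ...])."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            tokens = value.split()
            # 'Match all' -> empty criteria; otherwise pairs such as 'User a,b Group c'
            criteria = {} if [t.lower() for t in tokens] == ["all"] else {
                tokens[i].lower(): tokens[i + 1].split(",")
                for i in range(0, len(tokens) - 1, 2)
            }
            current = {}
            blocks.append((criteria, current))
            continue
        section = global_opts if current is None else current
        section.setdefault(key, value)  # first occurrence of a keyword wins, as in sshd(8)
    return global_opts, blocks

def block_matches(criteria, user, groups):
    """User/Group criteria with sshd-style glob patterns; negation is not modelled."""
    for kind, patterns in criteria.items():
        if kind == "user":
            if not any(fnmatch(user, p) for p in patterns):
                return False
        elif kind == "group":
            if not any(fnmatch(g, p) for g in groups for p in patterns):
                return False
        else:
            # Address/Host/LocalPort are not evaluated: treat the block as not
            # applying so the audit never assumes a restriction is in force.
            return False
    return True

def effective_forwarding(text, user, groups=()):
    """Effective value of each forwarding keyword for this user."""
    global_opts, blocks = parse_sshd_config(text)
    effective = {}
    for criteria, opts in blocks:
        if not block_matches(criteria, user, groups):
            continue
        for key in FORWARDING_KEYS:
            if key in opts and key not in effective:  # first matching block wins
                effective[key] = opts[key].lower()
    for key, default in FORWARDING_KEYS.items():
        effective.setdefault(key, global_opts.get(key, default).lower())
    return effective

def forwarding_findings(text, user, groups=()):
    """Keywords that still permit forwarding for this user ('no' is the only safe value)."""
    effective = effective_forwarding(text, user, groups)
    return [key for key in FORWARDING_KEYS if effective[key] != "no"]

# Constructed configurations. The weak one relies on ForceCommand alone,
# which does not stop 'ssh -L/-R/-D' or UNIX-socket forwarding.
WEAK_CONFIG = """
PermitRootLogin no
Match User remotesupport
    ForceCommand /usr/local/bin/support-shell
"""

HARDENED_CONFIG = """
PermitRootLogin no
Match User remotesupport,support-*
    ForceCommand /usr/local/bin/support-shell
    AllowTcpForwarding no
    AllowStreamLocalForwarding no
    PermitTunnel no
    X11Forwarding no
Match Group restricted
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, "remotesupport ->", forwarding_findings(cfg, "remotesupport"))
```

Run it against the real file (`sshd -T -C user=remotesupport` on the host gives the authoritative answer once you can log in, but this check works on a copy of the config pulled for review). Note that the hardened `Match Group restricted` block only turns off TCP forwarding, so members of that group still keep stream-local forwarding; the audit reports exactly that gap.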
Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability
CVE-2022-26870
9.8 - Critical
- October 21, 2022
Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.
Authentication Bypass
Dell PowerScale OneFS
CVE-2022-31239
4.4 - Medium
- October 21, 2022
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.
Insertion of Sensitive Information into Log File
Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability
CVE-2022-34437
6.7 - Medium
- October 21, 2022
Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.
Shell injection
Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error
CVE-2022-34438
6.7 - Medium
- October 21, 2022
Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters.
Improper Privilege Management
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability
CVE-2022-34439
7.5 - High
- October 21, 2022
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.
Allocation of Resources Without Limits or Throttling
Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function
CVE-2022-33937
7.1 - High
- October 12, 2022
Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM.
Directory traversal
Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities
CVE-2022-33922
7.8 - High
- October 12, 2022
Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity.
Incorrect Default Permissions
Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities
CVE-2022-33921
7.8 - High
- October 12, 2022
Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.
DLL preloading
Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability
CVE-2022-33920
7.8 - High
- October 12, 2022
Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.
Unquoted Search Path or Element
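The three GeoDrive entries directly above (insecure file and folder permissions, DLL hijacking, unquoted file path) combine in the usual way: an unquoted service path only becomes code execution as SYSTEM when one of the directories Windows probes is writable by a low-privileged user. The following is an added example, not Dell or GeoDrive code: given a service ImagePath, it enumerates the executables CreateProcess would try, in order, then intersects them with a set of writable directories to show which ones are actually plantable, and produces the quoted path that closes the hole. The ImagePath and the writable directory are hypothetical constructed values, not GeoDrive's real install layout.

```python
"""Constructed example, not Dell or GeoDrive code: enumerate the executables
Windows probes for an unquoted service ImagePath and decide which a
low-privileged user could plant. Paths are hypothetical."""
import ntpath

def split_unquoted(image_path):
    """Return (executable, arguments) for an unquoted ImagePath, or None when
    no space-separated token ends in '.exe' (extension-less binaries are ambiguous)."""
    tokens = image_path.split(" ")
    for i, token in enumerate(tokens):
        if token.lower().endswith(".exe"):
            return " ".join(tokens[: i + 1]), " ".join(tokens[i + 1:])
    return None

def unquoted_path_candidates(image_path):
    """Executables CreateProcess tries, in order, for an unquoted command line.

    The line is cut at each space; every proper prefix gets '.exe' appended
    and is tried before the next one; the intended binary is tried last.
    A quoted path has no ambiguity and yields no candidates.
    """
    if image_path.startswith('"'):
        return []
    split = split_unquoted(image_path)
    if split is None:
        return []
    exe, _ = split
    tokens = exe.split(" ")
    return [" ".join(tokens[:n]) + ".exe" for n in range(1, len(tokens))] + [exe]

def plantable_candidates(image_path, writable_dirs):
    """Candidates whose parent directory is in writable_dirs.

    Only these are exploitable: a hijack needs a writable directory earlier in
    the probe order than the real binary, or write access to the binary's own
    directory (the insecure-permissions case).
    """
    writable = {ntpath.normcase(d.rstrip("\\")) for d in writable_dirs}
    return [
        cand for cand in unquoted_path_candidates(image_path)
        if ntpath.normcase(ntpath.dirname(cand).rstrip("\\")) in writable
    ]

def quote_image_path(image_path):
    """The fix: wrap the executable in quotes, leaving arguments untouched."""
    if image_path.startswith('"'):
        return image_path
    split = split_unquoted(image_path)
    if split is None:
        raise ValueError("cannot locate the executable in ImagePath")
    exe, args = split
    return f'"{exe}" {args}'.rstrip()

# Constructed values: a hypothetical vendor path and one directory whose ACL
# wrongly grants write access to low-privileged users.
IMAGE_PATH = r"C:\Program Files\Example Vendor\Sync Agent\agent svc.exe --service"
WRITABLE_DIRS = [r"C:\Program Files\Example Vendor\Sync Agent"]

if __name__ == "__main__":
    for cand in unquoted_path_candidates(IMAGE_PATH):
        print("probe:", cand)
    print("plantable:", plantable_candidates(IMAGE_PATH, WRITABLE_DIRS))
    print("fixed ImagePath:", quote_image_path(IMAGE_PATH))
```

On a live host the writable-directory set comes from the ACLs (`icacls` on each candidate's parent), and the fix is applied with `sc config <service> binPath= "\"C:\...\agent svc.exe\" --service"` or by correcting the ImagePath value under the service's registry key; the candidate list also tells you which directories must not be writable after the path is quoted.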
Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability
CVE-2022-33918
5.5 - Medium
- October 12, 2022
Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information.
Cleartext Storage of Sensitive Information
Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI
CVE-2022-33919
7.8 - High
- October 12, 2022
Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information.
Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries
CVE-2022-34426
8.8 - High
- October 11, 2022
Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintended access to paths outside of the restricted directory.
Directory traversal
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database
CVE-2022-34434
6.7 - Medium
- October 11, 2022
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application.
AuthZ
Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries
CVE-2022-34427
8.8 - High
- October 11, 2022
Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution.
Shell injection
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI
CVE-2022-34430
7.5 - High
- October 11, 2022
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
XEE
Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability
CVE-2022-34431
6.5 - Medium
- October 11, 2022
Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.
Dell Hybrid Client below 1.8 version contains a gedit vulnerability
CVE-2022-34432
8.2 - High
- October 11, 2022
Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders.
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH
CVE-2022-34425
7.5 - High
- October 10, 2022
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.
Use of Hard-coded Credentials
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI
CVE-2022-34428
2.7 - Low
- September 30, 2022
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI
CVE-2022-34429
7.1 - High
- September 30, 2022
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
Directory traversal
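The Hybrid Client Zip Slip and zip bomb entries (CVE-2022-34429 and CVE-2022-34430 above) and the GeoDrive reporting-function path traversal (CVE-2022-33937, earlier in this list) share one root: a user-supplied name is joined onto a base directory and used without checking that the result stays inside it, and archive members are written without any bound on what they expand to. The following is an added example, not Dell, Hybrid Client or GeoDrive code: one containment check used both for a delete-by-name operation and for archive extraction, plus per-member ratio and total-size limits, exercised against three archives constructed in memory (benign, Zip Slip, zip bomb). Python's `zipfile` already drops `..` components when it extracts; the check here refuses such archives outright and adds the size limits that `zipfile` does not enforce.

```python
"""Constructed example, not Dell code: one path-containment check that
rejects traversal names (report deletion and Zip Slip) plus the size and
ratio limits that turn a zip bomb into a clean rejection."""
import io
import os
import tempfile
import zipfile

MAX_TOTAL_BYTES = 64 * 1024 * 1024   # uncompressed budget per archive
MAX_RATIO = 100                      # file_size / compress_size ceiling per member

def resolve_within(base_dir, relative_path):
    """Absolute path for relative_path, or ValueError if it escapes base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, relative_path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes {base}: {relative_path!r}")
    return target

def delete_report(report_dir, name):
    """Delete a report by user-supplied name without ever leaving report_dir."""
    target = resolve_within(report_dir, name)
    if not os.path.isfile(target):
        raise FileNotFoundError(name)
    os.remove(target)
    return True

def inspect_archive(zip_bytes, dest_dir, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Validate every member before anything is written; return [(name, target)]."""
    plan, total = [], 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # zipfile would silently drop '..' components; refuse the archive instead
            target = resolve_within(dest_dir, info.filename)
            total += info.file_size
            if total > max_total:
                raise ValueError("archive exceeds uncompressed size budget")
            if info.compress_size and info.file_size / info.compress_size > max_ratio:
                raise ValueError(f"suspicious compression ratio in {info.filename!r}")
            plan.append((info.filename, target))
    return plan

def safe_extract(zip_bytes, dest_dir, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Extract after inspection, counting bytes actually written (headers can lie)."""
    plan = inspect_archive(zip_bytes, dest_dir, max_total, max_ratio)
    written, total = [], 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name, target in plan:
            if name.endswith("/"):
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(name) as src, open(target, "wb") as dst:
                while chunk := src.read(1 << 16):
                    total += len(chunk)
                    if total > max_total:
                        raise ValueError("archive exceeds uncompressed size budget")
                    dst.write(chunk)
            written.append(target)
    return written

def build_archive(members):
    """Build a zip in memory from (name, bytes) pairs; names are written verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members:
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed archives: benign, Zip Slip (escapes the destination), zip bomb.
BENIGN = build_archive([("reports/summary.txt", b"ok\n")])
SLIP = build_archive([("../../outside.txt", b"pwned\n")])
BOMB = build_archive([("big.bin", b"\0" * (8 * 1024 * 1024))])

def run_demo():
    """Exercise the three archives and the report deletion in a scratch directory."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.realpath(scratch)
        results["benign"] = [os.path.relpath(p, dest).replace(os.sep, "/")
                             for p in safe_extract(BENIGN, dest)]
        for label, blob in (("slip", SLIP), ("bomb", BOMB)):
            try:
                safe_extract(blob, dest)
                results[label] = "extracted"
            except ValueError:
                results[label] = "rejected"
        report_dir = os.path.join(dest, "reports")
        results["delete_ok"] = delete_report(report_dir, "summary.txt")
        try:
            delete_report(report_dir, "../../../etc/passwd")
            results["delete_traversal"] = "deleted"
        except ValueError:
            results["delete_traversal"] = "rejected"
    return results
```

The ratio limit catches the constructed bomb (8 MiB of zeros deflates to a few KiB) before a single byte is written, while the byte count inside `safe_extract` is what protects against an archive whose central directory understates member sizes. Because `resolve_within` works on `realpath`, a symlink planted inside the destination that points outside it is rejected the same way as a `..` name.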
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability
CVE-2022-34424
7.5 - High
- September 28, 2022
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans.
Memory Corruption
Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist
CVE-2022-34394
3.7 - Low
- September 28, 2022
Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information.
Improper Certificate Validation
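The OS10 Support Assist entry above is the classic shape of CWE-295: the client talks TLS, but because it does not check the chain or the hostname an on-path attacker can present any certificate and read or alter the support traffic. The following is an added example, not Dell OS10 or SupportAssist code: the weak client settings that allow that, beside the hardened ones (chain verification against a trusted or operator-pinned CA, hostname matching, TLS 1.2 minimum). The host, path and CA file in `fetch` and `hardened_client_context` are hypothetical placeholders.

```python
"""Constructed example, not Dell OS10 or SupportAssist code: TLS client
settings that make a man-in-the-middle on a support channel fail, beside
the weak settings that let it succeed."""
import http.client
import ssl

def weak_client_context():
    """What an 'it works now' fix usually leaves behind: no chain or hostname check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hardened_client_context(ca_file=None):
    """Require a chain to a trusted CA (only the operator's private CA when
    ca_file is given), require the hostname to match, and refuse pre-1.2 TLS."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # hypothetical path; pins to that CA only
    else:
        ctx.load_default_certs()
    return ctx

def describe(ctx):
    """The three settings a reviewer needs to see for any outbound TLS client."""
    return {
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
        "minimum_version": ctx.minimum_version.name,
    }

def fetch(host, path, ctx, timeout=10):
    """Hypothetical call to a support endpoint. With the hardened context a forged
    certificate raises ssl.SSLCertVerificationError instead of being accepted."""
    conn = http.client.HTTPSConnection(host, context=ctx, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()

if __name__ == "__main__":
    print("weak    ", describe(weak_client_context()))
    print("hardened", describe(hardened_client_context()))
```

When reviewing an agent like this, grep for `CERT_NONE`, `check_hostname = False`, `verify=False` and their equivalents in other stacks; `describe` is the runtime version of that check and belongs in the agent's startup self-test.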
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability
CVE-2022-29089
4.9 - Medium
- September 28, 2022
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.
Insufficiently Protected Credentials
Dell Command Update
CVE-2022-34382
7.8 - High
- September 02, 2022
Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.
Improper Privilege Management
Dell PowerScale OneFS
CVE-2022-34378
5.5 - Medium
- September 02, 2022
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.
Directory traversal
Dell PowerScale OneFS
CVE-2022-34371
9.8 - Critical
- September 02, 2022
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise.
Cleartext Transmission of Sensitive Information
Dell PowerScale OneFS
CVE-2022-34369
7.5 - High
- September 02, 2022
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data.
Insertion of Sensitive Information into Log File
Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability
CVE-2022-34379
9.8 - Critical
- September 01, 2022
Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.
Authentication Bypass