Dell


Products by Dell Sorted by Most Security Vulnerabilities since 2018

Dell Emc Powerscale Onefs: 75 vulnerabilities
Dell Powerscale Onefs: 37 vulnerabilities
Dell Wyse Management Suite: 33 vulnerabilities
Dell Bsafe Micro Edition Suite: 26 vulnerabilities
Dell Bsafe: 23 vulnerabilities
Dell Emc Networker: 17 vulnerabilities
Dell Bsafe Ssl J: 16 vulnerabilities
Dell Idrac9 Firmware: 15 vulnerabilities
Dell Powermax Os: 14 vulnerabilities
Dell Emc Isilon Onefs: 13 vulnerabilities
Dell Emc Avamar Server: 11 vulnerabilities
Dell Secure Connect Gateway: 11 vulnerabilities
Dell Command Update: 10 vulnerabilities
Dell Hybrid Client: 10 vulnerabilities
Dell Bsafe Crypto C: 9 vulnerabilities
Dell Bsafe Crypto J: 9 vulnerabilities
Dell Emc Idrac9 Firmware: 9 vulnerabilities
Dell Networking Os10: 9 vulnerabilities
Dell Idrac8 Firmware: 7 vulnerabilities
Dell Alienware Update: 7 vulnerabilities
Dell Cloudlink: 7 vulnerabilities
Dell Openmanage Enterprise: 7 vulnerabilities
Dell Bsafe Ssl C: 6 vulnerabilities
Dell Update: 6 vulnerabilities
Dell Insightiq: 6 vulnerabilities
Dell Emc Appsync: 6 vulnerabilities
Dell Emc Isilon: 6 vulnerabilities
Dell Geodrive: 6 vulnerabilities
Dell Emc Unisphere: 6 vulnerabilities
Dell Encryption: 5 vulnerabilities
Dell Digital Delivery: 5 vulnerabilities
Dell Emc Avamar: 5 vulnerabilities
Dell Emc Cloud Link: 5 vulnerabilities
Dell Smartfabric Os10: 5 vulnerabilities
Dell Solutions Enabler: 5 vulnerabilities
Dell Idrac7 Firmware: 5 vulnerabilities
Dell Unisphere For Powermax: 4 vulnerabilities
Dell Unisphere 360: 4 vulnerabilities
Dell Commandconfigure: 4 vulnerabilities
Dell Emc Vipr Srm: 4 vulnerabilities
Dell Peripheral Manager: 4 vulnerabilities
Dell Display Manager: 4 vulnerabilities
Dell Wyse Device Agent: 4 vulnerabilities
Dell Rugged Control Center: 4 vulnerabilities
Dell Emc Recoverpoint: 4 vulnerabilities
Dell Bsafe Cert J: 3 vulnerabilities
Dell Bsafe Share: 3 vulnerabilities
Dell Command Monitor: 3 vulnerabilities
Dell Repository Manager: 3 vulnerabilities
Dell Powerstoreos: 3 vulnerabilities
Dell Vasa: 3 vulnerabilities
Dell Emc Mr: 3 vulnerabilities
Dell Networker: 3 vulnerabilities
Dell Os Recovery Tool: 3 vulnerabilities
Dell Emc Scaleio: 3 vulnerabilities
Dell Powerpath: 3 vulnerabilities

Known Exploited Dell Vulnerabilities

The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: Dell dbutil Driver Insufficient Access Control Vulnerability
Description: Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. (CVE-2021-21551)
Added: March 31, 2022

By the Year

In 2024 there have been 97 vulnerabilities in Dell products with an average score of 6.8 out of ten. Last year Dell had 163 security vulnerabilities published. Right now, Dell is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.16.

Year Vulnerabilities Average Score
2024 97 6.80
2023 163 6.95
2022 124 7.21
2021 139 6.93
2020 34 7.38
2019 52 7.34
2018 57 7.21

It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Dell Security Vulnerabilities

Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0

CVE-2024-47481 6.5 - Medium - October 25, 2024

Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0, contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service.

Authorization

Dell Data Lakehouse

CVE-2024-47483 5.5 - Medium - October 25, 2024

Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

SQL Injection

Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability

CVE-2024-47240 6.3 - Medium - October 18, 2024

Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition.

Incorrect Default Permissions

Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability

CVE-2024-39586 4.3 - Medium - October 09, 2024

Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

XXE

Dell PowerScale InsightIQ, version 5.1, contains an Improper Privilege Management vulnerability

CVE-2024-39574 4.4 - Medium - September 10, 2024

Dell PowerScale InsightIQ, version 5.1, contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

Improper Privilege Management

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability

CVE-2024-39580 6.7 - Medium - September 10, 2024

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Authorization

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability

CVE-2024-39581 9.8 - Critical - September 10, 2024

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files.

Files or Directories Accessible to External Parties

Dell PowerScale InsightIQ, version 5.0, contains a Use of Hard-coded Credentials vulnerability

CVE-2024-39582 4.4 - Medium - September 10, 2024

Dell PowerScale InsightIQ, version 5.0, contains a Use of Hard-coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Use of Hard-coded Credentials

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability

CVE-2024-39583 9.8 - Critical - September 10, 2024

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Use of a Broken or Risky Cryptographic Algorithm

Dell SmartFabric OS10 Software

CVE-2024-38486 8.8 - High - September 06, 2024

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Command Injection

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability

CVE-2024-39585 8.1 - High - September 06, 2024

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure.

Use of Hard-coded Credentials

Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability

CVE-2024-37136 4.9 - Medium - September 03, 2024

Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contain a UNIX symbolic link (symlink) following vulnerability

CVE-2024-39578 6.3 - Medium - August 31, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service and information tampering.

insecure temporary file

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability

CVE-2024-39579 6.7 - Medium - August 31, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

Incorrect Privilege Assignment

Dell Repository Manager version 3.4.2 and earlier contains a Local Privilege Escalation Vulnerability in the Installation module

CVE-2023-22576 7.8 - High - August 21, 2024

Dell Repository Manager version 3.4.2 and earlier contains a Local Privilege Escalation Vulnerability in the Installation module. A local low privileged attacker may potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with high privileges using the existing vulnerability in the operating system. Exploitation may lead to unavailability of the service.

Improper Privilege Management

Dell Command | Update

CVE-2024-28962 7.5 - High - August 06, 2024

Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Externally Controlled Reference to a Resource in Another Sphere

CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component

CVE-2024-38482 7.2 - High - August 02, 2024

CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to the execution of unauthorized actions and retrieval of sensitive information from the database.

Improper Check or Handling of Exceptional Conditions

Dell InsightIQ, Version 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability

CVE-2024-28972 7.5 - High - August 01, 2024

Dell InsightIQ, Version 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure.

Use of a Broken or Risky Cryptographic Algorithm

Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write Vulnerability

CVE-2024-25948 4.4 - Medium - August 01, 2024

Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write Vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial of service event.

Memory Corruption

Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Read Vulnerability

CVE-2024-38481 4.4 - Medium - August 01, 2024

Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Read Vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial of service event.

Out-of-bounds Read

Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write Vulnerability

CVE-2024-38489 4.4 - Medium - August 01, 2024

Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write Vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial of service (partial) event.

Memory Corruption

Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write Vulnerability

CVE-2024-38490 4.4 - Medium - August 01, 2024

Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write Vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial of service event.

Memory Corruption

Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Read Vulnerability

CVE-2024-25947 4.4 - Medium - August 01, 2024

Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Read Vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial of service event.

Memory Corruption

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability

CVE-2024-37127 7.8 - High - July 31, 2024

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading a malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege.

DLL preloading

Dell Inventory Collector, versions prior to 12.3.0.6, contain a Path Traversal vulnerability

CVE-2024-37129 7.8 - High - July 31, 2024

Dell Inventory Collector, versions prior to 12.3.0.6, contain a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.

Directory traversal

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability

CVE-2024-32857 7.8 - High - July 31, 2024

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading a malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege.

DLL preloading

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability

CVE-2024-37142 7.8 - High - July 31, 2024

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading a malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege.

DLL preloading

Dell BSAFE Crypto-C Micro Edition

CVE-2023-28074 7.1 - High - July 31, 2024

Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contain an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Out-of-bounds Read

Dell Edge Gateway BIOS, versions 3200 and 5200, contain an out-of-bounds write vulnerability

CVE-2023-32466 5.7 - Medium - July 24, 2024

Dell Edge Gateway BIOS, versions 3200 and 5200, contain an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to exposure of some UEFI code and to arbitrary code execution or escalation of privilege.

Memory Corruption

Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability

CVE-2024-38301 7.8 - High - July 10, 2024

Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.

Insufficient Isolation of Symbolic Constant Definitions

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability

CVE-2024-37126 6.7 - Medium - July 02, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability

CVE-2024-37132 6.7 - Medium - July 02, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges.

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability

CVE-2024-37133 6.7 - Medium - July 02, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability

CVE-2024-37134 6.7 - Medium - July 02, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain a use of a broken or risky cryptographic algorithm vulnerability

CVE-2024-32852 7.5 - High - July 02, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain a use of a broken or risky cryptographic algorithm vulnerability. An unprivileged malicious network attacker could potentially exploit this vulnerability, leading to data leaks.

Use of a Broken or Risky Cryptographic Algorithm

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability

CVE-2024-32853 7.8 - High - July 02, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability

CVE-2024-32854 6.7 - Medium - July 02, 2024

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation.

Dell PowerProtect DD

CVE-2024-37138 6.8 - Medium - June 26, 2024

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.

Relative Path Traversal

Dell PowerProtect DD

CVE-2024-37139 6.5 - Medium - June 26, 2024

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application.

Improper Control of a Resource Through its Lifetime

Dell PowerProtect DD

CVE-2024-37140 8.8 - High - June 26, 2024

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Shell injection

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability

CVE-2024-37141 3.5 - Low - June 26, 2024

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

Open Redirect

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability

CVE-2024-29174 4.4 - Medium - June 26, 2024

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.

SQL Injection

Dell PowerProtect Data Domain

CVE-2024-29175 5.9 - Medium - June 26, 2024

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a man-in-the-middle attack that exposes sensitive session information.

Use of a Broken or Risky Cryptographic Algorithm

Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability

CVE-2024-29176 8.8 - High - June 26, 2024

Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

Memory Corruption

Dell PowerProtect DD

CVE-2024-29177 2.7 - Low - June 26, 2024

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.

Insertion of Sensitive Information into Log File

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user

CVE-2024-28965 5.4 - Medium - June 13, 2024

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Authorization

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user

CVE-2024-28966 5.4 - Medium - June 13, 2024

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Authorization

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user

CVE-2024-28967 5.4 - Medium - June 13, 2024

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Authorization

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user

CVE-2024-28968 5.4 - Medium - June 13, 2024

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Authorization

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user

CVE-2024-28969 4.3 - Medium - June 13, 2024

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources.

Authorization

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API

CVE-2024-29168 8.8 - High - June 13, 2024

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.

SQL Injection

Dell Common Event Enabler, version 8.9.10.0 and prior, contains an insecure deserialization vulnerability in CAVATools

CVE-2024-28964 7.8 - High - June 12, 2024

Dell Common Event Enabler, version 8.9.10.0 and prior, contains an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged-in user. Exploitation of this issue requires a victim to open a malicious file.

Marshaling, Unmarshaling

Dell OS10 Networking Switches, versions 10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x, contain an improper authorization vulnerability

CVE-2024-25949 8.8 - High - June 12, 2024

Dell OS10 Networking Switches, versions 10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x, contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability, leading to escalation of privileges.

AuthZ

Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability

CVE-2024-28978 6.5 - Medium - May 01, 2024

Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.

Authorization

Dell OpenManage Enterprise

CVE-2024-28979 4.8 - Medium - May 01, 2024

Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

XSS

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00)

CVE-2023-44294 6.5 - Medium - February 14, 2024

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database.

SQL Injection

Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability

CVE-2023-25535 6.5 - Medium - February 14, 2024

Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023.

Improper Privilege Management

Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability

CVE-2023-39249 5.3 - Medium - February 14, 2024

Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes.

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1)

CVE-2023-44283 7.8 - High - February 14, 2024

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

Authorization

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00)

CVE-2023-44293 6.5 - Medium - February 14, 2024

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database.

SQL Injection

Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability

CVE-2024-22455 4.6 - Medium - February 14, 2024

Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks.

Insecure Direct Object Reference / IDOR

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords

CVE-2024-22454 8.8 - High - February 13, 2024

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with the privileges of the compromised account. The attacker could retrieve the password-reset token without authorization and then perform the password change.

Weak Password Recovery Mechanism for Forgotten Password
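The entry above only says that the reset token could be retrieved without authorization; it does not describe how PowerProtect Data Manager generates or stores tokens. The following is an added example of how a password-reset flow is hardened against that class of flaw, written for this page and not taken from any Dell product: the token comes from the OS CSPRNG, only its hash is stored (so a database read or a leaky "get user" endpoint does not yield a usable token), it is compared in constant time, it expires, and it is single-use. The 15-minute lifetime and the in-memory dictionaries are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumption for this example: a reset token is valid for 15 minutes.
TOKEN_TTL_SECONDS = 15 * 60


@dataclass
class ResetRecord:
    token_hash: bytes   # SHA-256 of the token; the token itself is never stored
    expires_at: float
    used: bool = False


class PasswordResetService:
    """Issues and verifies single-use, time-limited password-reset tokens.

    Because only a hash of the token is persisted, an attacker who can read
    the backing store (or call an API that echoes stored rows) obtains
    nothing that can be presented to complete_reset().
    """

    def __init__(self, now=time.time):
        self._now = now
        self._records = {}    # username -> ResetRecord (stand-in for a DB table)
        self._passwords = {}  # username -> password (stand-in for a credential store)

    def request_reset(self, username: str) -> str:
        # 256 bits from the OS CSPRNG; returned exactly once so the caller can
        # deliver it out of band (e.g. e-mail). It is never written anywhere.
        token = secrets.token_urlsafe(32)
        self._records[username] = ResetRecord(
            token_hash=hashlib.sha256(token.encode()).digest(),
            expires_at=self._now() + TOKEN_TTL_SECONDS,
        )
        return token

    def stored_view(self, username: str) -> dict:
        # Everything a database read or a leaky "get user" endpoint could expose.
        rec = self._records[username]
        return {"token_hash": rec.token_hash.hex(),
                "expires_at": rec.expires_at, "used": rec.used}

    def complete_reset(self, username: str, token: str, new_password: str) -> bool:
        rec = self._records.get(username)
        if rec is None or rec.used or self._now() > rec.expires_at:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(presented, rec.token_hash):
            return False
        rec.used = True  # single use: a captured token cannot be replayed
        self._passwords[username] = new_password
        return True

    def password_of(self, username: str):
        return self._passwords.get(username)
```

Note that request_reset returns the same result whether or not the user exists in a real deployment (the example keeps it simple); the important property is that nothing the server stores can be turned back into the token.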

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability

CVE-2024-22445 7.2 - High - February 13, 2024

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Shell injection

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility

CVE-2024-0168 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in the svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability to inject arbitrary operating system commands and execute them with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability

CVE-2024-22221 6.5 - Medium - February 12, 2024

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.

SQL Injection
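Both the Secure Connect Gateway entry (malicious content injected into the filters of the IP Range REST API, CVE-2023-44293) and the Dell Unity entry (CVE-2024-22221) describe SQL injection that ends in information disclosure. Neither advisory shows the affected query, so the following is an added example written for this page, not code from either product: a REST-style "filter by field" handler that concatenates the filter value into SQL, beside the hardened form that binds the value as a parameter and allow-lists the field name (identifiers cannot be bound, so they must be validated separately). The tables and rows are constructed sample data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample schema: a table the API is meant to expose and one it is not.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ip_range (id INTEGER, label TEXT, cidr TEXT)")
    conn.execute("CREATE TABLE credentials (id INTEGER, username TEXT, secret TEXT)")
    conn.executemany("INSERT INTO ip_range VALUES (?, ?, ?)",
                     [(1, "lab", "10.0.0.0/24"), (2, "prod", "10.1.0.0/24")])
    conn.execute("INSERT INTO credentials VALUES (1, 'svc_admin', 's3cr3t')")
    return conn


def filter_ranges_vulnerable(conn: sqlite3.Connection, label_filter: str) -> list:
    # The filter value from the request is spliced into the statement, so a
    # value such as  lab' UNION SELECT username, secret FROM credentials --
    # rewrites the query and reads an unrelated table.
    sql = f"SELECT label, cidr FROM ip_range WHERE label = '{label_filter}'"
    return conn.execute(sql).fetchall()


def filter_ranges_safe(conn: sqlite3.Connection, label_filter: str) -> list:
    # Bound parameter: the driver sends the value separately from the SQL text,
    # so it can only ever be compared as data.
    sql = "SELECT label, cidr FROM ip_range WHERE label = ?"
    return conn.execute(sql, (label_filter,)).fetchall()


# Assumption: the API lets clients choose which column to filter on.
ALLOWED_FILTER_FIELDS = {"label", "cidr"}


def filter_ranges_by_field(conn: sqlite3.Connection, field: str, value: str) -> list:
    # Column names cannot be bound as parameters, so the identifier is checked
    # against a fixed allow-list and the value is still bound.
    if field not in ALLOWED_FILTER_FIELDS:
        raise ValueError(f"unsupported filter field: {field!r}")
    sql = f"SELECT label, cidr FROM ip_range WHERE {field} = ?"
    return conn.execute(sql, (value,)).fetchall()
```

The same pattern applies to sort fields, page sizes and any other part of a filter expression that becomes SQL syntax rather than a value: bind what can be bound, allow-list the rest.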

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility

CVE-2024-22222 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Shell injection

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility

CVE-2024-22226 6.5 - Medium - February 12, 2024

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.

Directory traversal
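The svc_supportassist entry above describes traversal that yields write access to files outside the intended directory with elevated privileges, without showing the faulty path handling. The following is an added example written for this page, not Dell code, of the check a privileged utility needs before writing a caller-supplied path: resolve the path under a fixed base directory and reject anything that escapes it, whether through "..", an absolute path, or a symbolic link. The directory layout and file names in demo() are constructed for the example.

```python
import os
import tempfile


class UnsafePath(ValueError):
    pass


def resolve_under(base_dir: str, user_path: str) -> str:
    """Return the real path of user_path inside base_dir, or raise UnsafePath.

    realpath() resolves symlinks and normalises '..' before the containment
    check, so a link inside base_dir that points outside it is also rejected.
    """
    base = os.path.realpath(base_dir)
    # A leading slash is stripped so absolute input is treated as relative.
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip("/\\")))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath(f"{user_path!r} escapes {base_dir!r}")
    return candidate


def write_support_file(base_dir: str, user_path: str, data: bytes) -> str:
    target = resolve_under(base_dir, user_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    # Constructed layout: an uploads directory beside a file that must stay intact,
    # plus a symlink inside uploads that points back at the parent directory.
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "uploads")
    os.makedirs(uploads)
    protected = os.path.join(root, "etc_passwd")
    with open(protected, "w") as fh:
        fh.write("original")
    os.symlink(root, os.path.join(uploads, "link"))

    attempts = ["logs/bundle.txt", "../etc_passwd", "link/etc_passwd",
                "/abs/../../etc_passwd"]
    results = {}
    for user_path in attempts:
        try:
            write_support_file(uploads, user_path, b"owned")
            results[user_path] = "written"
        except UnsafePath:
            results[user_path] = "rejected"
    with open(protected) as fh:
        results["protected_intact"] = fh.read() == "original"
    return results
```

Checking the string prefix of the unresolved path is not enough: "uploads/link/etc_passwd" starts with the base directory yet lands outside it once the link is followed, which is why the comparison is done on realpath() output.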

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility

CVE-2024-0164 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility

CVE-2024-0165 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility

CVE-2024-0166 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility

CVE-2024-0167 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility

CVE-2024-0170 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.

Shell injection

Dell Unity

CVE-2024-0169 5.4 - Medium - February 12, 2024

Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

XSS

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility

CVE-2024-22223 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility

CVE-2024-22224 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility

CVE-2024-22225 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility

CVE-2024-22227 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to execute commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility

CVE-2024-22228 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.

Shell injection
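The run of Dell Unity entries above (svc_oscheck, svc_udoctor, svc_topstats, svc_acldb_dump, svc_tcpdump, svc_cava, svc_cbr, svc_nas, svc_supportassist, svc_dc, svc_cifssupport), like the PowerProtect Data Manager entry CVE-2024-22445, all describe the same class of bug: a privileged service utility passes a caller-controlled argument into an OS command, so an authenticated user escapes the restricted shell and runs commands as root. None of the advisories show the affected code, so the following is an added example written for this page, not Dell code: a wrapper that splices an interface name into a shell command string, beside two hardened forms (argv list with no shell plus an allow-list pattern, and shlex.quote where a shell is unavoidable). `echo` stands in for the wrapped binary so the example runs anywhere, and the interface-name pattern is an assumption of the example.

```python
import re
import shlex
import subprocess

# Assumption: a Linux-style interface name. The first character may not be '-',
# so the value can never be parsed as an option (e.g. a -w output-file switch)
# by the wrapped tool, which is the other common way to abuse these wrappers.
_IFACE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$")


def capture_vulnerable(interface: str) -> str:
    # The argument is spliced into a command string handed to /bin/sh, so
    # shell metacharacters in it (; | && $() `) run as additional commands
    # with the wrapper's privileges.
    cmd = f"echo capturing on {interface}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def capture_safe(interface: str) -> str:
    # 1) validate against an allow-list pattern; 2) never invoke a shell:
    # with an argv list the value reaches the program as one literal argument.
    if not _IFACE_RE.fullmatch(interface):
        raise ValueError(f"invalid interface name: {interface!r}")
    argv = ["echo", "capturing", "on", interface]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def capture_quoted(interface: str) -> str:
    # If a shell is unavoidable (pipelines or redirections the tool builds),
    # quote every untrusted value so it stays a single shell word.
    cmd = "echo capturing on " + shlex.quote(interface)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout
```

The payload "eth0; echo PWNED" makes the vulnerable wrapper print a second line from the injected command; the quoted form prints the payload back as plain text, and the allow-listed form refuses it before anything executes.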

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability

CVE-2024-22230 5.4 - Medium - February 12, 2024

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability to steal session information, masquerade as the affected user or carry out any actions that this user could perform, or generally control the victim's browser.

XSS

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability

CVE-2023-28077 4.4 - Medium - February 10, 2024

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.

Information Disclosure

Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs

CVE-2024-22464 6.8 - Medium - February 08, 2024

Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

Insertion of Sensitive Information into Log File

Dell Display Manager application, version 2.1.1.17, contains a vulnerability

CVE-2023-32451 7.8 - High - February 06, 2024

Dell Display Manager application, version 2.1.1.17, contains a vulnerability that allows a low-privileged user to execute malicious code during installation and uninstallation.

Improper Privilege Management

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point

CVE-2023-32474 6.6 - Medium - February 06, 2024

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on a Windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.

insecure temporary file

Dell Encryption

CVE-2023-32479 7.8 - High - February 06, 2024

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain a privilege escalation vulnerability due to an improper ACL on the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in the installation directory and obtaining a reverse shell on the system, leading to privilege escalation.

DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability

CVE-2023-32454 7.1 - High - February 06, 2024

DUP framework version 4.9.4.36 and prior contains an insecure operation on Windows junction/mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service.

insecure temporary file

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search

CVE-2024-22433 9.8 - Critical - February 06, 2024

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a loss of confidentiality and integrity and to remote takeover of the system. This is a high-severity vulnerability, as it allows an attacker to take complete control of DP Search and affect downstream protected devices.

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service

CVE-2023-25543 7.8 - High - February 06, 2024

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

Improper Handling of Exceptional Conditions

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability

CVE-2023-28049 7.1 - High - February 06, 2024

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability to perform a privileged arbitrary file deletion.

Improper Privilege Management

Dell BSAFE Micro Edition Suite

CVE-2021-21575 9.8 - Critical - February 02, 2024

Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

Side Channel Attack

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5

CVE-2022-34381 9.8 - Critical - February 02, 2024

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.

Dell BSAFE Crypto-C Micro Edition

CVE-2020-29504 9.8 - Critical - February 02, 2024

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.

Improper Certificate Validation

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability

CVE-2024-22430 5.5 - Medium - February 01, 2024

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.

Incorrect Default Permissions

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability

CVE-2024-22449 7.8 - High - February 01, 2024

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.

Missing Authentication for Critical Function

NetWorker 19.9 and all prior versions contain a plain-text password stored in a temporary config file for the duration of NMDA MySQL Database backups

CVE-2024-22432 6.5 - Medium - January 25, 2024

NetWorker 19.9 and all prior versions contain a plain-text password stored in a temporary config file for the duration of NMDA MySQL Database backups. A user with low-privileged access to the NetWorker client system could potentially exploit this vulnerability, leading to the disclosure of the configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application database with the privileges of the compromised account.

Insufficiently Protected Credentials

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker

CVE-2024-22229 4.3 - Medium - January 24, 2024

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs, compromising log integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed, or implicate an arbitrary user for malicious activities.

Output Sanitization
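The entry above describes log spoofing (forged entries, false alarms, implicating another user) but not the mechanism. The usual one is that an attacker-controlled value containing line breaks is written into a line-oriented log, so one request produces what looks like several records. The following is an added example written for this page, not Dell code: an audit logger that writes a username verbatim, beside one that neutralises control characters first, run over a constructed payload that fakes a successful admin login.

```python
import io
import itertools
import logging

_logger_ids = itertools.count()


def _neutralize(value: str) -> str:
    # Escape line breaks and other control/non-ASCII characters so the value
    # can never terminate the current record or start a new one. The log
    # still carries the raw bytes in escaped form for later investigation.
    return value.encode("unicode_escape").decode("ascii")


def make_logger(stream) -> logging.Logger:
    # One handler per stream; a unique name keeps separate demo loggers apart.
    logger = logging.getLogger(f"audit-{next(_logger_ids)}")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s user=%(message)s"))
    logger.addHandler(handler)
    return logger


def log_login_vulnerable(logger: logging.Logger, username: str, ok: bool) -> None:
    logger.info("%s result=%s", username, "success" if ok else "failure")


def log_login_safe(logger: logging.Logger, username: str, ok: bool) -> None:
    logger.info("%s result=%s", _neutralize(username), "success" if ok else "failure")


def record_count(stream: io.StringIO) -> int:
    # What a line-based log collector or SIEM would count as separate events.
    return len(stream.getvalue().splitlines())


def demo() -> dict:
    # Constructed payload: a "username" that closes the attacker's own record
    # and appends a forged record claiming a successful admin login.
    payload = "mallory result=failure\nINFO user=admin result=success"
    vuln, safe = io.StringIO(), io.StringIO()
    log_login_vulnerable(make_logger(vuln), payload, ok=False)
    log_login_safe(make_logger(safe), payload, ok=False)
    return {
        "vulnerable_lines": record_count(vuln),
        "safe_lines": record_count(safe),
        "safe_text": safe.getvalue(),
    }
```

Structured (JSON) logging with proper string encoding removes the problem at the format level; where plain text logs are kept, escaping as above is the minimum, and the escaped value should be what the parser sees.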

Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability

CVE-2023-44281 7.1 - High - January 24, 2024

Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service.

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability

CVE-2024-22428 7.8 - High - January 16, 2024

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.

Incorrect Default Permissions

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer

CVE-2023-48670 7.8 - High - December 22, 2023

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with elevated privileges.

Untrusted Path

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component

CVE-2023-28053 5.3 - Medium - December 18, 2023

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.

Use of a Broken or Risky Cryptographic Algorithm

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability

CVE-2023-48671 7.5 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability to obtain sensitive information that may aid in further attacks.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).