Dell
Known Exploited Dell Vulnerabilities
The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Dell dbutil Driver Insufficient Access Control Vulnerability | Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. CVE-2021-21551 Exploit Probability: 0.5% | March 31, 2022 |
By the Year
In 2025 there have been 11 vulnerabilities in Dell with an average score of 6.6 out of ten. Last year, in 2024, Dell had 218 security vulnerabilities published. Right now, Dell is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.44.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 11 | 6.65 |
2024 | 218 | 7.08 |
2023 | 163 | 6.95 |
2022 | 124 | 7.21 |
2021 | 139 | 6.93 |
2020 | 34 | 7.38 |
2019 | 52 | 7.34 |
2018 | 57 | 7.21 |
It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Dell Security Vulnerabilities
Dell PowerProtect DD
CVE-2025-22475
7.5 - High
- February 04, 2025
Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.
Use of a Broken or Risky Cryptographic Algorithm
Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability
CVE-2024-53295
7.8 - High
- February 01, 2025
Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
Insufficient Granularity of Access Control
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI
CVE-2024-53296
4.9 - Medium
- February 01, 2025
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Memory Corruption
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability
CVE-2024-51534
7.1 - High
- February 01, 2025
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.
Directory traversal
Dell NetWorker
CVE-2025-21107
7.8 - High
- January 30, 2025
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Unquoted Search Path or Element
Dell Networking Switches running Enterprise SONiC OS
CVE-2025-23374
4.9 - Medium
- January 30, 2025
Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Insertion of Sensitive Information into Log File
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2025-22394
7 - High
- January 15, 2025
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation.
TOCTTOU
Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability
CVE-2025-21101
6.3 - Medium
- January 15, 2025
Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.
Race Condition
Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability
CVE-2024-47239
6.5 - Medium
- January 08, 2025
Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
Resource Exhaustion
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability
CVE-2025-22395
7.8 - High
- January 07, 2025
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.
Improper Handling of Insufficient Permissions or Privileges
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability
CVE-2024-47475
5.5 - Medium
- January 06, 2025
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service.
Incorrect Permission Assignment for Critical Resource
Dell ECS Arithmetic Overflow Vulnerability in Retention Period Handling
CVE-2024-51540
6.5 - Medium
- December 26, 2024
Dell ECS, versions prior to 3.8.1.3, contain an arithmetic overflow vulnerability in the retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects.
Integer Overflow or Wraparound
Dell ECS Authentication Bypass by Capture-replay Vulnerability
CVE-2024-52534
5.4 - Medium
- December 25, 2024
Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.
Authentication Bypass by Capture-replay
Dell NativeEdge Insecure Temporary File Creation Vulnerability
CVE-2024-52543
4.4 - Medium
- December 25, 2024
Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Exposure of Resource to Wrong Sphere
Dell NativeEdge Exposure of Sensitive Information Through Metadata Vulnerability
CVE-2024-53291
7.5 - High
- December 25, 2024
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Exposure of Sensitive Information Through Metadata
Dell SupportAssist Symlink Attack Vulnerability in Software Remediation Component
CVE-2024-52535
8.8 - High
- December 25, 2024
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privilege escalation and leading to arbitrary deletion of files and folders from the system.
insecure temporary file
Dell NativeEdge Privilege Escalation Vulnerability
CVE-2024-47978
7.8 - High
- December 25, 2024
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Execution with Unnecessary Privileges
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability
CVE-2024-51532
7.1 - High
- December 19, 2024
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
Argument Injection
Dell Inventory Collector Client Improper Link Resolution Vulnerability
CVE-2024-47480
7.8 - High
- December 18, 2024
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.
insecure temporary file
Dell AppSync Symbolic Link Following Vulnerability
CVE-2024-52542
5.5 - Medium
- December 17, 2024
Dell AppSync, version 4.6.0.x, contains a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.
insecure temporary file
Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability
CVE-2024-47984
6.5 - Medium
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains a Denial of Service vulnerability. A user with remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA, persisting after reboot and requiring technical support intervention to get the system back to a stable state.
Improper Filtering of Special Elements
Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH
CVE-2024-28980
9.8 - Critical
- December 13, 2024
Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
Use of a Broken or Risky Cryptographic Algorithm
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability
CVE-2024-24902
5.5 - Medium
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time.
Authorization
Dell RecoverPoint for Virtual Machines OS Command Injection Vulnerability
CVE-2024-48008
6.5 - Medium
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to information disclosure and allowing unintended actions such as reading files that may contain sensitive information.
Shell injection
Dell RecoverPoint for Virtual Machines Hard-Coded Credentials Vulnerability
CVE-2024-48007
9.8 - Critical
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains a use of hard-coded credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system, leading to access to unauthorized data.
Use of Hard-coded Credentials
Dell RecoverPoint for VMs Authentication Bypass Vulnerability
CVE-2024-38488
9.8 - Critical
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. This allows attackers to brute-force the password of valid users in an automated manner.
Improper Restriction of Excessive Authentication Attempts
Dell RecoverPoint for Virtual Machines OS Command Injection Vulnerability
CVE-2024-22461
8.8 - High
- December 13, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command Injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to root-level access and complete system compromise.
Shell injection
Dell VxVerify Plain-text Password Storage Vulnerability in Shell Wrapper
CVE-2024-53292
6.7 - Medium
- December 11, 2024
Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.
Insufficiently Protected Credentials
Dell ThinOS Command Injection Vulnerability in Command Execution
CVE-2024-53290
8.4 - High
- December 11, 2024
Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Command Injection
Dell ThinOS TOCTOU Race Condition Vulnerability
CVE-2024-53289
7 - High
- December 11, 2024
Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
TOCTTOU
Dell Avamar SQL Injection Vulnerability in Database Query Handling
CVE-2024-52538
8.8 - High
- December 10, 2024
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
SQL Injection
Dell Avamar SQL Injection Vulnerability in Database Query
CVE-2024-47977
8.8 - High
- December 10, 2024
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
SQL Injection
Dell Avamar SQL Injection Vulnerability
CVE-2024-47484
9.8 - Critical
- December 10, 2024
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
SQL Injection
Dell OpenManage Server Administrator Improper Input Validation Vulnerability
CVE-2024-45761
8.1 - High
- December 09, 2024
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.
Improper Input Validation
Dell OpenManage Server Administrator Improper Access Control Vulnerability
CVE-2024-45760
8.8 - High
- December 09, 2024
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.
AuthZ
Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability
CVE-2024-49603
6.5 - Medium
- December 09, 2024
Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure.
Function Call With Incorrectly Specified Argument Value
Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability
CVE-2024-49602
6.5 - Medium
- December 09, 2024
Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
Improper Locking
Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability
CVE-2024-42426
6.5 - Medium
- December 09, 2024
Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service.
Resource Exhaustion
Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability
CVE-2024-49600
7.8 - High
- December 09, 2024
Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.
Authorization
Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability
CVE-2024-38485
4.3 - Medium
- December 09, 2024
Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that lead to sensitive information leakage.
Open Redirect
Dell NetWorker Authorization Bypass Vulnerability
CVE-2024-42422
7.5 - High
- December 03, 2024
Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Insecure Direct Object Reference / IDOR
Dell NetWorker Management Console Improper Verification of Cryptographic Signature Vulnerability
CVE-2024-47476
7.8 - High
- December 03, 2024
Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Improper Verification of Cryptographic Signature
Dell Wyse Management Suite Authentication Bypass Vulnerability
CVE-2024-49595
4.9 - Medium
- November 26, 2024
Dell Wyse Management Suite, version WMS 4.4 and before, contains an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Authentication Bypass by Capture-replay
Dell Wyse Management Suite Missing Authorization Vulnerability
CVE-2024-49596
6.5 - Medium
- November 26, 2024
Dell Wyse Management Suite, version WMS 4.4 and prior, contains a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion.
AuthZ
Dell Wyse Management Suite Authentication Bypass Vulnerability
CVE-2024-49597
7.2 - High
- November 26, 2024
Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
Improper Restriction of Excessive Authentication Attempts
Dell SmartFabric OS10 Software Privilege Escalation Vulnerability in Command Execution
CVE-2024-48837
7.8 - High
- November 12, 2024
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Execution with Unnecessary Privileges
Dell SmartFabric OS10 Software Local Privilege Escalation Vulnerability in Filesystem Access
CVE-2024-48838
3.3 - Low
- November 12, 2024
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
Files or Directories Accessible to External Parties
Dell SmartFabric OS10 Command Injection Vulnerability in CLI
CVE-2024-49557
7.8 - High
- November 12, 2024
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Command Injection
Dell SmartFabric OS10 Improper Privilege Management Vulnerability in Version 10.5.x
CVE-2024-49558
7.8 - High
- November 12, 2024
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Improper Privilege Management
Dell SmartFabric OS10 Command Injection Vulnerability in CLI
CVE-2024-49560
7.8 - High
- November 12, 2024
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Command Injection
Dell SONiC OS 4.x Command Injection Flaw - November 2024
CVE-2024-45763
7.2 - High
- November 08, 2024
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
Shell injection
Dell SONiC OS 4.x Auth Bypass Flaw - November 2024
CVE-2024-45764
9.8 - Critical
- November 08, 2024
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
Missing Critical Step in Authentication
Dell SONiC OS 4.x Command Injection Flaw - November 2024
CVE-2024-45765
7.2 - High
- November 08, 2024
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity.
Shell injection
Dell PowerProtect Privilege Escalation
CVE-2024-45759
7.3 - High
- November 08, 2024
Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands that overwrite the system configuration of the application. Exploitation may lead to denial of service of the system.
Dell PowerProtect DD Access Control Bypass
CVE-2024-48010
7.2 - High
- November 08, 2024
Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.
Authorization
Dell PowerProtect DD 7.7 Info Leak - November 2024
CVE-2024-48011
6.5 - Medium
- November 08, 2024
Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Information Disclosure
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0
CVE-2024-47481
6.5 - Medium
- October 25, 2024
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service.
Authorization
Dell Data Lakehouse
CVE-2024-47483
5.5 - Medium
- October 25, 2024
Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
SQL Injection
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS
CVE-2024-48016
8.8 - High
- October 18, 2024
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account.
Use of a Broken or Risky Cryptographic Algorithm
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability
CVE-2024-47241
8.1 - High
- October 18, 2024
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data.
Improper Certificate Validation
Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability
CVE-2024-47240
6.3 - Medium
- October 18, 2024
Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition.
Incorrect Default Permissions
Dell OpenManage Enterprise
CVE-2024-45766
8.8 - High
- October 17, 2024
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
Code Injection
Dell OpenManage Enterprise
CVE-2024-45767
6.5 - Medium
- October 17, 2024
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
SQL Injection
Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability
CVE-2024-39586
4.3 - Medium
- October 09, 2024
Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
XXE
Dell SmartFabric OS10 Software
CVE-2024-39577
8.8 - High
- September 26, 2024
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution.
Command Injection
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability
CVE-2024-37125
7.5 - High
- September 26, 2024
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service.
Resource Exhaustion
Dell PowerScale InsightIQ, version 5.1, contains an Improper Privilege Management vulnerability
CVE-2024-39574
4.4 - Medium
- September 10, 2024
Dell PowerScale InsightIQ, version 5.1, contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
Improper Privilege Management
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability
CVE-2024-39580
6.7 - Medium
- September 10, 2024
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Authorization
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability
CVE-2024-39581
9.8 - Critical
- September 10, 2024
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files.
Files or Directories Accessible to External Parties
Dell PowerScale InsightIQ, version 5.0, contains a Use of Hard-coded Credentials vulnerability
CVE-2024-39582
4.4 - Medium
- September 10, 2024
Dell PowerScale InsightIQ, version 5.0, contains a Use of Hard-coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Use of Hard-coded Credentials
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability
CVE-2024-39583
9.8 - Critical
- September 10, 2024
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
Use of a Broken or Risky Cryptographic Algorithm
Dell ThinOS versions 2402 and 2405
CVE-2024-42427
7.6 - High
- September 10, 2024
Dell ThinOS versions 2402 and 2405 contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to elevation of privileges.
Command Injection
Dell SmartFabric OS10 Software
CVE-2024-38486
8.8 - High
- September 06, 2024
Dell SmartFabric OS10 Software, versions 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.
Command Injection
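The two command-injection entries above (ThinOS and SmartFabric OS10) share the same root cause: attacker-controlled text is spliced into a command line that a shell interprets. The page gives no detail on the affected commands, so the snippet below is an added, generic illustration written for this page; it is not Dell code and the "ping a host" wrapper, the hostname pattern and the sample inputs are assumptions. It contrasts the injectable string-building pattern with an allowlist check followed by an argv list that never passes through a shell, and uses the Python interpreter as a portable stand-in for the real tool so the literal-argument behaviour can be observed.

```python
import re
import subprocess
import sys

# Allowlist for a hostname/IP argument. Chosen for this illustration; it is not a
# Dell validation rule. Anything outside letters, digits, '.' and '-' is rejected.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,253}$")


def is_safe_hostname(value: str) -> bool:
    """Allowlist check: True only when the value contains no shell metacharacters."""
    return bool(HOSTNAME_RE.fullmatch(value))


def vulnerable_command(host: str) -> str:
    """The injectable pattern: untrusted input is concatenated into a shell
    command line. An input like '10.0.0.1; id' ends the intended command and
    starts a second one. Returned as a string for inspection; never run this
    through a shell with untrusted input."""
    return f"ping -c 1 {host}"


def hardened_argv(host: str) -> list[str]:
    """Validate first, then build an argv list. Passing a list to subprocess with
    shell=False means the host value is a single argument, never parsed by sh."""
    if not is_safe_hostname(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["ping", "-c", "1", host]


def echo_argument_literally(value: str) -> str:
    """Show that an argv element reaches the child verbatim even when it carries
    shell metacharacters, because no shell is involved. The child is the Python
    interpreter, used here as a portable stand-in for the diagnostic tool."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", value],
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout
```

Rejecting bad input is the first line of defence, but the argv form is what removes the shell from the picture; with `shell=False` a value such as `10.0.0.1; id` is delivered to the child as one literal argument and the `;` has no meaning.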
Dell SmartFabric OS10 Software, versions 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain a Use of Hard-coded Password vulnerability
CVE-2024-39585
8.1 - High
- September 06, 2024
Dell SmartFabric OS10 Software, versions 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain a Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to client-side request forgery and information disclosure.
Use of Hard-coded Credentials
Dell Path to PowerProtect, versions 1.1 and 1.2, contain an Exposure of Private Personal Information to an Unauthorized Actor vulnerability
CVE-2024-37136
4.9 - Medium
- September 03, 2024
Dell Path to PowerProtect, versions 1.1 and 1.2, contain an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contain a UNIX symbolic link (symlink) following vulnerability
CVE-2024-39578
6.3 - Medium
- August 31, 2024
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service or information tampering.
insecure temporary file
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability
CVE-2024-39579
6.7 - Medium
- August 31, 2024
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.
Incorrect Privilege Assignment
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion
CVE-2023-43078
7.3 - High
- August 28, 2024
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
insecure temporary file
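The OneFS symlink-following entry and the Dock Firmware "Improper Link Resolution during installation" entry above are both instances of a privileged process opening or deleting a path that a lower-privileged user can pre-create as a symbolic link. The page does not say which paths were involved, so the following is an added illustration written for this page, not Dell's code; the installer temp file and victim file names are assumptions. It plants a symlink in a scratch directory and compares a writer that follows it with one that opens the path with `O_CREAT|O_EXCL` and `O_NOFOLLOW` and then re-checks the opened descriptor rather than the path.

```python
import os
import stat
import tempfile

# Constructed scenario: a privileged installer writes to a predictable path
# ("installer.tmp") that another local user has replaced with a symlink to a
# file they could not otherwise modify ("victim.conf"). Names are assumptions.


def vulnerable_write(path: str, data: bytes) -> None:
    """Follows symlinks: if 'path' is a planted link, the data lands in (and
    truncates) the link target with the privileges of this process."""
    with open(path, "wb") as f:
        f.write(data)


def hardened_write(path: str, data: bytes) -> None:
    """Create the file only if it does not already exist and never follow a link
    at the final path component. POSIX guarantees O_CREAT|O_EXCL fails with
    EEXIST when the path is a symlink; O_NOFOLLOW (absent on Windows, hence the
    getattr) adds the same protection for plain opens."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        # Check the object actually opened, not the path name, to avoid a race
        # between the check and the write.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise OSError("unexpected file type or link count after open")
        os.write(fd, data)
    finally:
        os.close(fd)


def symlink_demo() -> dict[str, object]:
    """Plant a symlink at the installer's temp path, run both writers against it
    and report what happened to the attacker-chosen target."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "victim.conf")
        with open(target, "wb") as f:
            f.write(b"original")
        planted = os.path.join(d, "installer.tmp")
        os.symlink(target, planted)

        vulnerable_write(planted, b"clobbered")
        with open(target, "rb") as f:
            after_vulnerable = f.read()

        # Reset the target and try the hardened writer against the same link.
        with open(target, "wb") as f:
            f.write(b"original")
        try:
            hardened_write(planted, b"clobbered")
            hardened_raised = False
        except OSError:
            hardened_raised = True
        with open(target, "rb") as f:
            after_hardened = f.read()

    return {
        "after_vulnerable": after_vulnerable,
        "hardened_raised": hardened_raised,
        "after_hardened": after_hardened,
    }
```

The same idea applies to the deletion case in the Dock Firmware entry: remove or recurse into a directory only after confirming, via `lstat`/`fstat` on the object you hold, that it is not a link, or use `tempfile.mkstemp`/`mkdtemp` so there is no predictable name for an attacker to pre-create in the first place.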
Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability
CVE-2024-39576
8.8 - High
- August 22, 2024
Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
Incorrect Privilege Assignment
Dell Repository Manager version 3.4.2 and earlier contains a Local Privilege Escalation Vulnerability in the Installation module
CVE-2023-22576
7.8 - High
- August 21, 2024
Dell Repository Manager version 3.4.2 and earlier contains a Local Privilege Escalation Vulnerability in the Installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to execution of an arbitrary executable on the operating system with high privileges by using the existing vulnerability in the operating system. Exploitation may also lead to unavailability of the service.
Improper Privilege Management
Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer
CVE-2024-38305
7.3 - High
- August 21, 2024
Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges.
Untrusted Path
Dell Command | Update
CVE-2024-28962
7.5 - High
- August 06, 2024
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
Externally Controlled Reference to a Resource in Another Sphere
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component
CVE-2024-38482
7.2 - High
- August 02, 2024
CloudLink, versions 7.1.x and 8.x, contain an Improper Check or Handling of Exceptional Conditions vulnerability in the Cluster component. A highly privileged malicious user with remote access could potentially exploit this vulnerability to execute unauthorized actions and retrieve sensitive information from the database.
Improper Check or Handling of Exceptional Conditions
Dell InsightIQ, Version 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability
CVE-2024-28972
7.5 - High
- August 01, 2024
Dell InsightIQ, Version 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure.
Use of a Broken or Risky Cryptographic Algorithm
Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write vulnerability
CVE-2024-25948
4.4 - Medium
- August 01, 2024
Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial-of-service event.
Memory Corruption
Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Read vulnerability
CVE-2024-38481
4.4 - Medium
- August 01, 2024
Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Read vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial-of-service event.
Out-of-bounds Read
Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write vulnerability
CVE-2024-38489
4.4 - Medium
- August 01, 2024
Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a partial denial-of-service event.
Memory Corruption
Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write vulnerability
CVE-2024-38490
4.4 - Medium
- August 01, 2024
Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Write vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial-of-service event.
Memory Corruption
Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Read vulnerability
CVE-2024-25947
4.4 - Medium
- August 01, 2024
Dell iDRAC Service Module version 5.3.0.0 and prior contains an Out-of-bounds Read vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial-of-service event.
Memory Corruption
DM5500 5.16.0.0 contains an information disclosure vulnerability
CVE-2024-37135
4.4 - Medium
- July 31, 2024
DM5500 5.16.0.0 contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
Unprotected Storage of Credentials
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability
CVE-2024-37127
7.8 - High
- July 31, 2024
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability by preloading a malicious DLL or through symbolic link exploitation, leading to arbitrary code execution and escalation of privilege.
DLL preloading
Dell Inventory Collector, versions prior to 12.3.0.6, contain a Path Traversal vulnerability
CVE-2024-37129
7.8 - High
- July 31, 2024
Dell Inventory Collector, versions prior to 12.3.0.6, contain a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.
Directory traversal
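The Inventory Collector entry above is a path traversal in a local tool: a caller-supplied name is joined onto a base directory without confirming that the result stays inside it. The advisory text gives no specifics, so the check below is an added example written for this page, not Dell's code; the base directory and the sample names are assumptions. It shows the containment test a practitioner would add (resolve symlinks and `..` first, then compare with `os.path.commonpath` rather than a string prefix) next to the naive join that lets `..` walk out.

```python
import os

# Constructed base directory for the illustration; not a real Dell path.
BASE_DIR = "/opt/collector"


def vulnerable_resolve(base_dir: str, untrusted_name: str) -> str:
    """The traversal-prone version: join and normalise, no containment check.
    '../../etc/passwd' (or an absolute name, which os.path.join simply adopts)
    escapes base_dir."""
    return os.path.normpath(os.path.join(base_dir, untrusted_name))


def resolve_inside(base_dir: str, untrusted_name: str) -> str:
    """Return the absolute path for untrusted_name only if it is still under
    base_dir after '..' normalisation and symlink resolution; otherwise raise.
    realpath resolves any links that exist, so a link planted inside base_dir
    pointing outside it is also caught."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, untrusted_name))
    # commonpath is the containment test. A plain startswith() check would
    # wrongly accept '/opt/collector_evil/x' as being inside '/opt/collector'.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {untrusted_name!r}")
    return candidate


def is_contained(base_dir: str, untrusted_name: str) -> bool:
    """Boolean form of resolve_inside for callers that only need a verdict."""
    try:
        resolve_inside(base_dir, untrusted_name)
        return True
    except ValueError:
        return False
```

Do the check on the resolved path, not on the raw input: rejecting the literal string `..` misses URL-encoded or doubled forms and absolute names, while comparing resolved paths catches all of them at once.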
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability
CVE-2024-32857
7.8 - High
- July 31, 2024
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability by preloading a malicious DLL or through symbolic link exploitation, leading to arbitrary code execution and escalation of privilege.
DLL preloading
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability
CVE-2024-37142
7.8 - High
- July 31, 2024
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability by preloading a malicious DLL or through symbolic link exploitation, leading to arbitrary code execution and escalation of privilege.
DLL preloading
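The three Peripheral Manager entries above, and the "Untrusted Path" installer entries for Repository Manager and SupportAssist earlier in this list, all depend on one precondition: somewhere in the search order used to locate a DLL or executable there is a location a low-privileged user can write to, or one that resolves relative to a directory the user controls. The page does not name the affected locations, so the audit below is an added example written for this page, not Dell tooling; the constructed search-path value is an assumption. It flags the entries an attacker could exploit in a PATH-style search list and builds a small test case to show each finding.

```python
import os
import tempfile


def risky_search_path_entries(search_path: str, sep: str = os.pathsep) -> list[tuple[str, str]]:
    """Audit a PATH-style search list and return (entry, reason) pairs for the
    entries a local attacker could abuse. Empty or relative entries resolve
    against the process's current directory; a missing directory may be
    creatable by anyone on some systems; a writable directory lets a user drop
    a same-named DLL or binary that is found before the legitimate one."""
    findings: list[tuple[str, str]] = []
    for entry in search_path.split(sep):
        if entry in ("", "."):
            findings.append((entry, "empty/relative entry resolves to current directory"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative entry resolves against current directory"))
        elif not os.path.isdir(entry):
            findings.append((entry, "directory does not exist (may be creatable by others)"))
        elif os.access(entry, os.W_OK):
            findings.append((entry, "directory writable by current user"))
    return findings


def search_path_demo() -> list[tuple[str, str]]:
    """Constructed input: one writable scratch directory, one empty entry and one
    nonexistent directory, joined with the platform's PATH separator."""
    with tempfile.TemporaryDirectory() as writable:
        missing = os.path.join(writable, "does-not-exist")
        path_value = os.pathsep.join([writable, "", missing])
        return risky_search_path_entries(path_value)
```

Two caveats when running this for real: `os.access` reports everything as writable when you run as root, so audit from the unprivileged account whose perspective matters, and on Windows `os.access(..., os.W_OK)` only consults the read-only attribute, not the ACL, so an ACL-aware check (for example `icacls` output) is needed there. The installer case is the same audit applied to the directory the installer launches helpers from, typically a user-writable temp or download folder.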
Dell BSAFE Crypto-C Micro Edition
CVE-2023-28074
7.1 - High
- July 31, 2024
Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
Out-of-bounds Read
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability
CVE-2023-32466
5.7 - Medium
- July 24, 2024
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to exposure of some UEFI code and potentially to arbitrary code execution or escalation of privilege.
Memory Corruption
Dell Data Lakehouse, version 1.0.0.0, contains a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst)
CVE-2024-38302
5.7 - Medium
- July 18, 2024
Dell Data Lakehouse, version 1.0.0.0, contains a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure.
Missing Encryption of Sensitive Data
Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management
CVE-2024-30473
6.5 - Medium
- July 18, 2024
Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized endpoints.
Improper Privilege Management
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability
CVE-2024-38301
7.8 - High
- July 10, 2024
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.
Insufficient Isolation of Symbolic Constant Definitions