Dell Dell

Do you want an email whenever new security vulnerabilities are reported in any Dell product?

Products by Dell Sorted by Most Security Vulnerabilities since 2018

Dell Emc Powerscale Onefs75 vulnerabilities

Dell Wyse Management Suite33 vulnerabilities

Dell Powerscale Onefs28 vulnerabilities

Dell Bsafe Micro Edition Suite25 vulnerabilities

Dell Bsafe23 vulnerabilities

Dell Emc Networker17 vulnerabilities

Dell Bsafe Ssl J16 vulnerabilities

Dell Idrac9 Firmware15 vulnerabilities

Dell Powermax Os14 vulnerabilities

Dell Emc Isilon Onefs13 vulnerabilities

Dell Emc Avamar Server11 vulnerabilities

Dell Hybrid Client10 vulnerabilities

Dell Bsafe Crypto C9 vulnerabilities

Dell Bsafe Crypto J9 vulnerabilities

Dell Command Update9 vulnerabilities

Dell Emc Idrac9 Firmware9 vulnerabilities

Dell Networking Os108 vulnerabilities

Dell Idrac8 Firmware7 vulnerabilities

Dell Alienware Update6 vulnerabilities

Dell Bsafe Ssl C6 vulnerabilities

Dell Cloudlink6 vulnerabilities

Dell Emc Isilon6 vulnerabilities

Dell Geodrive6 vulnerabilities

Dell Emc Unisphere6 vulnerabilities

Dell Openmanage Enterprise5 vulnerabilities

Dell Update5 vulnerabilities

Dell Digital Delivery5 vulnerabilities

Dell Emc Appsync5 vulnerabilities

Dell Emc Avamar5 vulnerabilities

Dell Emc Cloud Link5 vulnerabilities

Dell Solutions Enabler5 vulnerabilities

Dell Encryption5 vulnerabilities

Dell Idrac7 Firmware5 vulnerabilities

Dell Rugged Control Center4 vulnerabilities

Dell Wyse Device Agent4 vulnerabilities

Dell Commandconfigure4 vulnerabilities

Dell Display Manager4 vulnerabilities

Dell Emc Vipr Srm4 vulnerabilities

Dell Unisphere For Powermax4 vulnerabilities

Dell Emc Recoverpoint4 vulnerabilities

Dell Unisphere 3604 vulnerabilities

Dell Bsafe Cert J3 vulnerabilities

Dell Bsafe Share3 vulnerabilities

Dell Command Monitor3 vulnerabilities

Dell Smartfabric Os103 vulnerabilities

Dell Powerstoreos3 vulnerabilities

Dell Emc Mr3 vulnerabilities

Dell Networker3 vulnerabilities

Dell Power Manager3 vulnerabilities

Dell Vasa3 vulnerabilities

Dell Emc Scaleio3 vulnerabilities

Dell Powerpath3 vulnerabilities

Dell Os Recovery Tool3 vulnerabilities

Dell Repository Manager2 vulnerabilities

Dell Emc Idrac72 vulnerabilities

Dell Emc Idrac82 vulnerabilities

Dell Emc Idrac8 Firmware2 vulnerabilities

Dell Secure Connect Gateway2 vulnerabilities

Known Exploited Dell Vulnerabilities

The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Dell dbutil Driver Insufficient Access Control Vulnerability Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. CVE-2021-21551 March 31, 2022

By the Year

In 2024 there have been 36 vulnerabilities in Dell with an average score of 7.4 out of ten. Last year Dell had 163 security vulnerabilities published. Right now, Dell is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.46.

Year Vulnerabilities Average Score
2024 36 7.42
2023 163 6.95
2022 124 7.21
2021 139 6.93
2020 34 7.38
2019 52 7.34
2018 57 7.21

It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Dell Security Vulnerabilities

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords

CVE-2024-22454 8.8 - High - February 13, 2024

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change

Weak Password Recovery Mechanism for Forgotten Password

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability

CVE-2024-22445 7.2 - High - February 13, 2024

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Shell injection

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility

CVE-2024-0168 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability

CVE-2024-22221 6.5 - Medium - February 12, 2024

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.

SQL Injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility

CVE-2024-22222 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Shell injection

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility

CVE-2024-22226 6.5 - Medium - February 12, 2024

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.

Directory traversal

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility

CVE-2024-0164 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility

CVE-2024-0165 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility

CVE-2024-0166 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility

CVE-2024-0167 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility

CVE-2024-0170 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability

CVE-2024-0169 5.4 - Medium - February 12, 2024

Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product's feature to compromise their systems.

XSS

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility

CVE-2024-22223 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility

CVE-2024-22224 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility

CVE-2024-22225 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility

CVE-2024-22227 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility

CVE-2024-22228 7.8 - High - February 12, 2024

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Shell injection

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability

CVE-2024-22230 5.4 - Medium - February 12, 2024

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser.

XSS

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability

CVE-2023-28077 4.4 - Medium - February 10, 2024

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.

Information Disclosure

Dell EMC AppSync, versions

CVE-2024-22464 6.8 - Medium - February 08, 2024

Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

Insertion of Sensitive Information into Log File

DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability

CVE-2023-32454 7.1 - High - February 06, 2024

DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service

insecure temporary file

Dell Encryption

CVE-2023-32479 7.8 - High - February 06, 2024

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Dell Display Manager application, version 2.1.1.17, contains a vulnerability

CVE-2023-32451 7.8 - High - February 06, 2024

Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation

Improper Privilege Management

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point

CVE-2023-32474 6.6 - Medium - February 06, 2024

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion

insecure temporary file

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability

CVE-2023-28049 7.1 - High - February 06, 2024

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.

Improper Privilege Management

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search

CVE-2024-22433 9.8 - Critical - February 06, 2024

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service

CVE-2023-25543 7.8 - High - February 06, 2024

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

Improper Handling of Exceptional Conditions

Dell BSAFE Micro Edition Suite

CVE-2021-21575 9.8 - Critical - February 02, 2024

Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

Side Channel Attack

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5

CVE-2022-34381 9.8 - Critical - February 02, 2024

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.

Dell BSAFE Crypto-C Micro Edition

CVE-2020-29504 9.8 - Critical - February 02, 2024

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.

Improper Certificate Validation

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability

CVE-2024-22430 5.5 - Medium - February 01, 2024

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.

Incorrect Default Permissions

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability

CVE-2024-22449 7.8 - High - February 01, 2024

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.

Missing Authentication for Critical Function

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups

CVE-2024-22432 6.5 - Medium - January 25, 2024

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.

Insufficiently Protected Credentials

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker

CVE-2024-22229 4.3 - Medium - January 24, 2024

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.

Output Sanitization

Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability

CVE-2023-44281 7.1 - High - January 24, 2024

Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service.

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability

CVE-2024-22428 7.8 - High - January 16, 2024

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.

Incorrect Default Permissions

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer

CVE-2023-48670 7.8 - High - December 22, 2023

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.

Untrusted Path

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component

CVE-2023-28053 5.3 - Medium - December 18, 2023

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.

Use of a Broken or Risky Cryptographic Algorithm

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability

CVE-2023-48671 7.5 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.

Dell PowerProtect DD

CVE-2023-48668 6.7 - Medium - December 14, 2023

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.

Shell injection

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability

CVE-2023-48664 7.2 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Shell injection

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability

CVE-2023-48665 7.2 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Shell injection

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability

CVE-2023-48663 7.2 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Shell injection

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability

CVE-2023-48660 7.5 - High - December 14, 2023

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Directory traversal

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability

CVE-2023-48661 4.9 - Medium - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.

Files or Directories Accessible to External Parties

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability

CVE-2023-48662 7.2 - High - December 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Shell injection

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability

CVE-2023-39248 7.5 - High - December 05, 2023

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.

Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability

CVE-2023-44288 7.5 - High - December 05, 2023

Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service.

Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability

CVE-2023-44295 8.1 - High - December 05, 2023

Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure.

Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability

CVE-2023-39256 7.8 - High - December 02, 2023

Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system.

Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability

CVE-2023-39257 7.8 - High - December 02, 2023

Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.

Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder

CVE-2023-43089 3.3 - Low - December 01, 2023

Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability

CVE-2023-39253 7.8 - High - November 23, 2023

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability

CVE-2023-43086 7.8 - High - November 23, 2023

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.

Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability

CVE-2023-44289 7.8 - High - November 23, 2023

Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability

CVE-2023-44290 7.8 - High - November 23, 2023

Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component

CVE-2023-43082 5.9 - Medium - November 22, 2023

Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.

Improper Certificate Validation

PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component

CVE-2023-43081 3.3 - Low - November 22, 2023

PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files.

Incorrect Default Permissions

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module

CVE-2023-44282 7.8 - High - November 16, 2023

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Improper Privilege Management

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module

CVE-2023-44292 7.8 - High - November 16, 2023

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Improper Privilege Management

Dell Encryption

CVE-2023-39246 7.3 - High - November 16, 2023

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation

insecure temporary file

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability

CVE-2023-39259 7.8 - High - November 16, 2023

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability

CVE-2023-44296 5.5 - Medium - November 16, 2023

Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.

Use of Hard-coded Credentials

Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability

CVE-2023-43076 6.5 - Medium - November 02, 2023

Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition.

Memory Leak

Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions

CVE-2023-43087 6.5 - Medium - November 02, 2023

Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.

Improper Handling of Exceptional Conditions

Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability

CVE-2023-43066 7.8 - High - October 23, 2023

Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.

Shell injection

Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability

CVE-2023-43067 6.5 - Medium - October 23, 2023

Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.

XXE

Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability

CVE-2023-43065 5.4 - Medium - October 23, 2023

Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.

XSS

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability

CVE-2023-43074 7.5 - High - October 23, 2023

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability

CVE-2023-43079 7.8 - High - October 13, 2023

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.

Authorization

Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability

CVE-2023-32485 9.8 - Critical - October 05, 2023

Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.

Improper Input Validation

Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection

CVE-2023-43071 5.4 - Medium - October 05, 2023

Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.

CSV Injection

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the more command

CVE-2023-4401 8.8 - High - October 05, 2023

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the more command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.

Shell injection

Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration

CVE-2023-43073 6.5 - Medium - October 05, 2023

Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.

Improper Input Validation

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI

CVE-2023-43072 7.8 - High - October 05, 2023

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

Authorization

Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface

CVE-2023-43070 6.5 - Medium - October 05, 2023

Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.

Directory traversal

Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI

CVE-2023-43069 7.8 - High - October 05, 2023

Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.

Shell injection

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH

CVE-2023-43068 8.8 - High - October 05, 2023

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.

Shell injection

Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability

CVE-2023-32477 7.8 - High - September 29, 2023

Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.

Authorization

Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability

CVE-2023-4129 7.5 - High - September 27, 2023

Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.

Inadequate Encryption Strength

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client

CVE-2023-28055 8.8 - High - September 27, 2023

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.

AuthZ

Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability

CVE-2023-39252 5.9 - Medium - September 21, 2023

Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

Use of a Broken or Risky Cryptographic Algorithm

SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability

CVE-2023-3039 7.8 - High - September 12, 2023

SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.

Authorization

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability

CVE-2023-32470 5.5 - Medium - September 08, 2023

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

1386

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability

CVE-2023-28072 7.8 - High - September 04, 2023

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system.

Marshaling, Unmarshaling

Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability

CVE-2023-32457 8.8 - High - August 29, 2023

Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.

Improper Privilege Management

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability

CVE-2023-39250 5.5 - Medium - August 16, 2023

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

Inclusion of Sensitive Information in Source Code

Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability

CVE-2023-32492 7.1 - High - August 16, 2023

Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files.

Incorrect Default Permissions

Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability

CVE-2023-32486 7.8 - High - August 16, 2023

Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability

CVE-2023-32495 7.8 - High - August 16, 2023

Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability

CVE-2023-32493 9.8 - Critical - August 16, 2023

Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.

Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3

CVE-2023-32491 6.5 - Medium - August 16, 2023

Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.

Insertion of Sensitive Information into Log File

Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability

CVE-2023-32490 6.7 - Medium - August 16, 2023

Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability

CVE-2023-32489 6.7 - Medium - August 16, 2023

Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges.  

Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS

CVE-2023-32488 4.3 - Medium - August 16, 2023

Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability

CVE-2023-32487 7.8 - High - August 16, 2023

Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure.

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability

CVE-2023-32494 6.7 - Medium - August 16, 2023

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.

Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability

CVE-2023-32450 7.8 - High - July 27, 2023

Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.

Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability

CVE-2023-32468 4.9 - Medium - July 26, 2023

Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data.

Insertion of Sensitive Information into Log File

Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability

CVE-2023-32478 4.9 - Medium - July 21, 2023

Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.

Insertion of Sensitive Information into Log File

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.