Filtered by vendor Dell
Total: 1453 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-47241 | 1 Dell | 1 Secure Connect Gateway | 2024-12-13 | N/A | 5.5 MEDIUM | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data. |
| CVE-2024-22457 | 1 Dell | 1 Secure Connect Gateway | 2024-12-04 | N/A | 7.1 HIGH | Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. |
| CVE-2024-22458 | 1 Dell | 1 Secure Connect Gateway | 2024-12-04 | N/A | 3.7 LOW | Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. |
| CVE-2024-45766 | 1 Dell | 1 Openmanage Enterprise | 2024-12-02 | N/A | 8.0 HIGH | Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
| CVE-2024-45767 | 1 Dell | 1 Openmanage Enterprise | 2024-12-02 | N/A | 4.3 MEDIUM | Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. |
| CVE-2024-48010 | 1 Dell | 1 Data Domain Operating System | 2024-11-26 | N/A | 6.5 MEDIUM | Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application. |
| CVE-2024-39576 | 1 Dell | 1 Power Manager | 2024-11-26 | N/A | 8.8 HIGH | Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges. |
| CVE-2024-48011 | 1 Dell | 1 Data Domain Operating System | 2024-11-26 | N/A | 3.1 LOW | Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. |
| CVE-2024-45759 | 1 Dell | 1 Data Domain Operating System | 2024-11-26 | N/A | 6.8 MEDIUM | Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system. |
| CVE-2024-37125 | 1 Dell | 1 Smartfabric Os10 | 2024-11-25 | N/A | 7.5 HIGH | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service. |
| CVE-2024-39577 | 1 Dell | 1 Smartfabric Os10 | 2024-11-25 | N/A | 7.1 HIGH | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution. |
| CVE-2024-38305 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-25 | N/A | 7.3 HIGH | Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges. |
| CVE-2024-37135 | 1 Dell | 2 Dm5500, Dm5500 Firmware | 2024-11-22 | N/A | 3.3 LOW | DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. |
| CVE-2024-38301 | 1 Dell | 1 Alienware Command Center | 2024-11-21 | N/A | 6.7 MEDIUM | Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure. |
| CVE-2024-37141 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 3.5 LOW | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. |
| CVE-2024-37140 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 8.8 HIGH | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. |
| CVE-2024-37139 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 6.5 MEDIUM | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application. |
| CVE-2024-37138 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 4.1 MEDIUM | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system. |
| CVE-2024-32860 | 1 Dell | 44 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R11 and 41 more | 2024-11-21 | N/A | 7.5 HIGH | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
| CVE-2024-32859 | 1 Dell | 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more | 2024-11-21 | N/A | 7.5 HIGH | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
| CVE-2024-32858 | 1 Dell | 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more | 2024-11-21 | N/A | 7.5 HIGH | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
| CVE-2024-32856 | 1 Dell | 46 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R10 and 43 more | 2024-11-21 | N/A | 5.1 MEDIUM | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. |
| CVE-2024-30472 | 2 Dell, Microsoft | 2 Thinos, Telemetry Dashboard | 2024-11-21 | N/A | 7.5 HIGH | Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure. |
| CVE-2024-29177 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 2.7 LOW | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report. |
| CVE-2024-29176 | 1 Dell | 10 Apex Protection Storage, Data Domain Operating System, Dd3300 and 7 more | 2024-11-21 | N/A | 8.8 HIGH | Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
| CVE-2024-29175 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 5.9 MEDIUM | Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information. |
| CVE-2024-29174 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 4.4 MEDIUM | Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data. |
| CVE-2024-29168 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. |
| CVE-2024-28979 | 1 Dell | 1 Openmanage Enterprise | 2024-11-21 | N/A | 5.1 MEDIUM | Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. |
| CVE-2024-28978 | 1 Dell | 1 Openmanage Enterprise | 2024-11-21 | N/A | 5.2 MEDIUM | Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources. |
| CVE-2024-28970 | 1 Dell | 28 G7 7500, G7 7500 Firmware, G7 7700 and 25 more | 2024-11-21 | N/A | 4.7 MEDIUM | Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. |
| CVE-2024-28969 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 4.3 MEDIUM | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources. |
| CVE-2024-28968 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. |
| CVE-2024-28967 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. |
| CVE-2024-28966 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. |
| CVE-2024-28965 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. |
| CVE-2024-28964 | 1 Dell | 1 Common Event Enabler | 2024-11-21 | N/A | 7.8 HIGH | Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file. |
| CVE-2024-25949 | 1 Dell | 1 Networking Os10 | 2024-11-21 | N/A | 8.8 HIGH | Dell OS10 Networking Switches, versions 10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x, contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges. |
| CVE-2024-22464 | 1 Dell | 1 Emc Appsync | 2024-11-21 | N/A | 6.2 MEDIUM | Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. |
| CVE-2024-22455 | 1 Dell | 1 E-lab Navigator | 2024-11-21 | N/A | 4.4 MEDIUM | Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks. |