Filtered by vendor Dell
Subscribe
Total
1453 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39253 | 1 Dell | 1 Os Recovery Tool | 2024-11-21 | N/A | 7.3 HIGH |
|
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
|
|||||
| CVE-2023-39251 | 1 Dell | 26 Inspiron 7510, Inspiron 7510 Firmware, Inspiron 7610 and 23 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.
|
|||||
| CVE-2023-39250 | 1 Dell | 3 Replay Manager For Vmware, Storage Integration Tools For Vmware, Storage Vsphere Client Plugin | 2024-11-21 | N/A | 7.8 HIGH |
|
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.
|
|||||
| CVE-2023-39249 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limit ...
Show More |
|||||
| CVE-2023-39248 | 1 Dell | 1 Networking Os10 | 2024-11-21 | N/A | 7.5 HIGH |
|
Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.
|
|||||
| CVE-2023-39246 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation
|
|||||
| CVE-2023-32485 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.
|
|||||
| CVE-2023-32483 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files.
|
|||||
| CVE-2023-32482 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.
|
|||||
| CVE-2023-32481 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to the system.
|
|||||
| CVE-2023-32480 | 1 Dell | 62 Alienware M15 R7, Alienware M15 R7 Firmware, G15 5510 and 59 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.
|
|||||
| CVE-2023-32479 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.
|
|||||
| CVE-2023-32478 | 1 Dell | 1 Powerstoreos | 2024-11-21 | N/A | 9.0 CRITICAL |
|
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.
|
|||||
| CVE-2023-32477 | 1 Dell | 1 Common Event Enabler | 2024-11-21 | N/A | 7.8 HIGH |
|
Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.
|
|||||
| CVE-2023-32476 | 1 Dell | 1 Hybrid Client | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files.
|
|||||
| CVE-2023-32475 | 1 Dell | 80 Alienware Aurora R10, Alienware Aurora R10 Firmware, Alienware Aurora R15 Amd and 77 more | 2024-11-21 | N/A | 7.6 HIGH |
|
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
|
|||||
| CVE-2023-32474 | 1 Dell | 1 Display Manager | 2024-11-21 | N/A | 6.6 MEDIUM |
|
Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion
|
|||||
| CVE-2023-32472 | 1 Dell | 4 Edge Gateway 3200, Edge Gateway 3200 Firmware, Edge Gateway 5200 and 1 more | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege.
|
|||||
| CVE-2023-32471 | 1 Dell | 20 Edge Gateway 3200, Edge Gateway 3200 Firmware, Edge Gateway 5200 and 17 more | 2024-11-21 | N/A | 6.0 MEDIUM |
|
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits.
|
|||||
| CVE-2023-32470 | 1 Dell | 1 Digital Delivery | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
|
|||||
| CVE-2023-32469 | 1 Dell | 6 Precision 5820, Precision 5820 Firmware, Precision 7820 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.
|
|||||
| CVE-2023-32468 | 1 Dell | 1 Ecs Streamer | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data.
|
|||||
| CVE-2023-32467 | 1 Dell | 12 Chengming 3977, Chengming 3977 Firmware, Edge Gateway 3200 and 9 more | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.
|
|||||
| CVE-2023-32466 | 1 Dell | 2 Edge Gateway 3200, Edge Gateway 3200 Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.
|
|||||
| CVE-2023-32465 | 1 Dell | 1 Powerprotect Cyber Recovery | 2024-11-21 | N/A | 8.8 HIGH |
|
Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.
|
|||||
| CVE-2023-32464 | 1 Dell | 90 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 87 more | 2024-11-21 | N/A | 2.7 LOW |
|
Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.
|
|||||
| CVE-2023-32463 | 1 Dell | 90 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 87 more | 2024-11-21 | N/A | 3.4 LOW |
|
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
|
|||||
| CVE-2023-32461 | 1 Dell | 104 Emc Xc Core Xc450, Emc Xc Core Xc450 Firmware, Emc Xc Core Xc650 and 101 more | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.
|
|||||
| CVE-2023-32460 | 1 Dell | 252 Dss 8440, Dss 8440 Firmware, Emc Nx440 Firmware and 249 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
|
|||||
| CVE-2023-32455 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.
|
|||||
| CVE-2023-32454 | 1 Dell | 1 Update Package Framework | 2024-11-21 | N/A | 6.3 MEDIUM |
|
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service
|
|||||
| CVE-2023-32453 | 1 Dell | 222 Alienware M15 R7, Alienware M15 R7 Firmware, Alienware M16 and 219 more | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.
|
|||||
| CVE-2023-32451 | 1 Dell | 1 Display Manager | 2024-11-21 | N/A | 7.3 HIGH |
|
Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation
|
|||||
| CVE-2023-32450 | 1 Dell | 1 Power Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.
|
|||||
| CVE-2023-32449 | 1 Dell | 11 Powerstore 1000t, Powerstore 1200t, Powerstore 3000t and 8 more | 2024-11-21 | N/A | 7.2 HIGH |
|
Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks
|
|||||
| CVE-2023-32448 | 1 Dell | 1 Powerpath | 2024-11-21 | N/A | 5.5 MEDIUM |
|
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.
|
|||||
| CVE-2023-32447 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.
|
|||||
| CVE-2023-32446 | 1 Dell | 10 Latitude 3420, Latitude 3440, Latitude 5440 and 7 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.
|
|||||
| CVE-2023-28080 | 1 Dell | 1 Powerpath | 2024-11-21 | N/A | 6.7 MEDIUM |
|
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
|
|||||
| CVE-2023-28079 | 1 Dell | 1 Powerpath | 2024-11-21 | N/A | 7.0 HIGH |
|
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
|
|||||