Filtered by vendor Dell
Subscribe
Total
1453 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22574 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 8.1 HIGH |
|
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service.
|
|||||
| CVE-2023-22573 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 7.9 HIGH |
|
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure.
|
|||||
| CVE-2023-22572 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 7.8 HIGH |
|
Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.
|
|||||
| CVE-2022-46756 | 1 Dell | 1 Vxrail Manager | 2024-11-21 | N/A | 8.2 HIGH |
|
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
|
|||||
| CVE-2022-46755 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.
|
|||||
| CVE-2022-46754 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 8.7 HIGH |
|
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.
|
|||||
| CVE-2022-46752 | 1 Dell | 150 Inspiron 14 Plus 7420, Inspiron 14 Plus 7420 Firmware, Inspiron 14 Plus 7620 and 147 more | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.
|
|||||
| CVE-2022-46679 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
|
|||||
| CVE-2022-46678 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Wyse Management Suite
3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.
|
|||||
| CVE-2022-46677 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized.
|
|||||
| CVE-2022-46676 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized.
|
|||||
| CVE-2022-46675 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research.
|
|||||
| CVE-2022-45104 | 1 Dell | 3 Evasa Provider Virtual Appliance, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2024-11-21 | N/A | 8.8 HIGH |
|
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system.
|
|||||
| CVE-2022-45103 | 1 Dell | 8 Emc Solutions Enabler Virtual Appliance, Emc Unisphere For Powermax, Emc Unisphere For Powermax Virtual Appliance and 5 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.
|
|||||
| CVE-2022-45102 | 1 Dell | 5 Dp4400, Dp4400 Firmware, Dp5900 and 2 more | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections.
|
|||||
| CVE-2022-45101 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 7.3 HIGH |
|
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution.
|
|||||
| CVE-2022-45100 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 8.1 HIGH |
|
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system.
|
|||||
| CVE-2022-45099 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 7.8 HIGH |
|
Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise
|
|||||
| CVE-2022-45098 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.
|
|||||
| CVE-2022-45097 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.
|
|||||
| CVE-2022-45096 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.
|
|||||
| CVE-2022-45095 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.
|
|||||
| CVE-2022-34460 | 1 Dell | 52 G5 Se 5505, G5 Se 5505 Firmware, Inspiron 27 7775 and 49 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
|
|||||
| CVE-2022-34459 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-11-21 | N/A | 7.8 HIGH |
|
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.
|
|||||
| CVE-2022-34458 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-11-21 | N/A | 6.6 MEDIUM |
|
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.
|
|||||
| CVE-2022-34457 | 1 Dell | 1 Command\|configure | 2024-11-21 | N/A | 7.3 HIGH |
|
Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.
|
|||||
| CVE-2022-34456 | 1 Dell | 1 Emc Metro Node | 2024-11-21 | N/A | 8.8 HIGH |
|
Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.
|
|||||
| CVE-2022-34454 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.
|
|||||
| CVE-2022-34453 | 1 Dell | 2 Xtremio X2, Xtremio X2 Firmware | 2024-11-21 | N/A | 7.6 HIGH |
|
Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.
|
|||||
| CVE-2022-34452 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 2.7 LOW |
|
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs.
|
|||||
| CVE-2022-34451 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 4.8 MEDIUM |
|
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.
|
|||||
| CVE-2022-34450 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 6.7 MEDIUM |
|
PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root.
|
|||||
| CVE-2022-34449 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 6.0 MEDIUM |
|
PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application.
|
|||||
| CVE-2022-34448 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 8.8 HIGH |
|
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions.
|
|||||
| CVE-2022-34447 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 7.2 HIGH |
|
PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user.
|
|||||
| CVE-2022-34446 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 8.8 HIGH |
|
PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.
|
|||||
| CVE-2022-34443 | 1 Dell | 1 Rugged Control Center | 2024-11-21 | N/A | 7.8 HIGH |
|
Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges.
|
|||||
| CVE-2022-34439 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.
|
|||||
| CVE-2022-34437 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.
|
|||||
| CVE-2022-34436 | 1 Dell | 2 Idrac8, Idrac8 Firmware | 2024-11-21 | N/A | 2.7 LOW |
|
Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
|
|||||