Filtered by vendor Dell
Subscribe
Total
1453 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29093 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system.
|
|||||
| CVE-2022-29092 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.
|
|||||
| CVE-2022-29091 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
|
|||||
| CVE-2022-29090 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 8.5 HIGH |
|
Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions.
|
|||||
| CVE-2022-29089 | 1 Dell | 1 Smartfabric Os10 | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.
|
|||||
| CVE-2022-29085 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
|
|||||
| CVE-2022-29084 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 10.0 HIGH | 8.1 HIGH |
|
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
|
|||||
| CVE-2022-29083 | 1 Dell | 216 Chengming 3980, Chengming 3980 Firmware, Chengming 3990 and 213 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system.
|
|||||
| CVE-2022-29082 | 1 Dell | 1 Emc Networker | 2024-11-21 | 4.9 MEDIUM | 3.7 LOW |
|
Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.
|
|||||
| CVE-2022-26870 | 1 Dell | 1 Powerstoreos | 2024-11-21 | N/A | 7.0 HIGH |
|
Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.
|
|||||
| CVE-2022-26869 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.
|
|||||
| CVE-2022-26868 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-11-21 | 7.2 HIGH | 6.4 MEDIUM |
|
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.
|
|||||
| CVE-2022-26867 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-11-21 | 6.0 MEDIUM | 5.9 MEDIUM |
|
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.
|
|||||
| CVE-2022-26866 | 1 Dell | 1 Powerstoreos | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session ...
Show More |
|||||
| CVE-2022-26865 | 1 Dell | 1 Supportassist Os Recovery | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.
|
|||||
| CVE-2022-26864 | 1 Dell | 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more | 2024-11-21 | 7.2 HIGH | 6.3 MEDIUM |
|
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
|
|||||
| CVE-2022-26863 | 1 Dell | 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more | 2024-11-21 | 7.2 HIGH | 6.3 MEDIUM |
|
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
|
|||||
| CVE-2022-26862 | 1 Dell | 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more | 2024-11-21 | 7.2 HIGH | 6.3 MEDIUM |
|
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
|
|||||
| CVE-2022-26861 | 1 Dell | 798 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3980 and 795 more | 2024-11-21 | N/A | 7.9 HIGH |
|
Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.
|
|||||
| CVE-2022-26860 | 1 Dell | 798 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3980 and 795 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.
|
|||||
| CVE-2022-26859 | 1 Dell | 798 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3980 and 795 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM.
|
|||||
| CVE-2022-26858 | 1 Dell | 798 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3980 and 795 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.
|
|||||
| CVE-2022-26857 | 1 Dell | 1 Openmanage Enterprise | 2024-11-21 | 6.5 MEDIUM | 9.0 CRITICAL |
|
Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.
|
|||||
| CVE-2022-26856 | 1 Dell | 1 Emc Repository Manager | 2024-11-21 | 2.1 LOW | 8.2 HIGH |
|
Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account.
|
|||||
| CVE-2022-26855 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service.
|
|||||
| CVE-2022-26854 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 10.0 HIGH | 8.1 HIGH |
|
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access
|
|||||
| CVE-2022-26852 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
|
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.
|
|||||
| CVE-2022-26851 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.
|
|||||
| CVE-2022-24428 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.
|
|||||
| CVE-2022-24426 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
|
|||||
| CVE-2022-24424 | 1 Dell | 1 Emc Appsync | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
|
|||||
| CVE-2022-24423 | 1 Dell | 2 Integrated Dell Remote Access Controller 8, Integrated Dell Remote Access Controller 8 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition.
|
|||||
| CVE-2022-24422 | 1 Dell | 1 Idrac9 | 2024-11-21 | 10.0 HIGH | 9.6 CRITICAL |
|
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
|
|||||
| CVE-2022-24421 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24420 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24419 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24418 | 1 Dell | 56 Dell G5 5505, Dell G5 5505 Firmware, Inspiron 22-3275 and 53 more | 2024-11-21 | 7.2 HIGH | 7.5 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24417 | 1 Dell | 56 Dell G5 5505, Dell G5 5505 Firmware, Inspiron 22-3275 and 53 more | 2024-11-21 | 7.2 HIGH | 7.5 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24416 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||
| CVE-2022-24415 | 1 Dell | 92 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 89 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
|
|||||