Filtered by vendor Dell
Subscribe
Total
1453 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29098 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.0 MEDIUM | 8.1 HIGH |
|
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.
|
|||||
| CVE-2025-43724 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 4.4 MEDIUM |
|
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares.
|
|||||
| CVE-2024-37134 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 6.7 MEDIUM |
|
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.
|
|||||
| CVE-2024-25953 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 6.0 MEDIUM |
|
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.
|
|||||
| CVE-2022-34444 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 5.9 MEDIUM |
|
Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak.
|
|||||
| CVE-2021-21565 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
|
|||||
| CVE-2026-22269 | 1 Dell | 1 Powerprotect Data Manager | 2026-02-20 | N/A | 4.7 MEDIUM |
|
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
|
|||||
| CVE-2026-22266 | 1 Dell | 1 Powerprotect Data Manager | 2026-02-20 | N/A | 4.7 MEDIUM |
|
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
|
|||||
| CVE-2026-22267 | 1 Dell | 1 Powerprotect Data Manager | 2026-02-20 | N/A | 8.1 HIGH |
|
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
|||||
| CVE-2026-22268 | 1 Dell | 1 Powerprotect Data Manager | 2026-02-20 | N/A | 6.3 MEDIUM |
|
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.
|
|||||
| CVE-2026-22769 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2026-02-18 | N/A | 10.0 CRITICAL |
|
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.
|
|||||
| CVE-2026-23857 | 1 Dell | 1 Update Package Framework | 2026-02-18 | N/A | 8.2 HIGH |
|
Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
|||||
| CVE-2026-22276 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2026-02-18 | N/A | 5.5 MEDIUM |
|
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
|
|||||
| CVE-2026-22275 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2026-02-18 | N/A | 4.4 MEDIUM |
|
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
|
|||||
| CVE-2026-22274 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2026-02-18 | N/A | 6.5 MEDIUM |
|
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit.
|
|||||
| CVE-2026-22273 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2026-02-18 | N/A | 8.8 HIGH |
|
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
|||||
| CVE-2026-22271 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2026-02-18 | N/A | 7.5 HIGH |
|
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
|
|||||
| CVE-2025-46684 | 1 Dell | 1 Supportassist Os Recovery | 2026-02-13 | N/A | 6.6 MEDIUM |
|
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering.
|
|||||
| CVE-2025-46685 | 1 Dell | 1 Supportassist Os Recovery | 2026-02-13 | N/A | 7.5 HIGH |
|
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
|||||
| CVE-2026-22764 | 1 Dell | 1 Openmanage Network Integration | 2026-02-13 | N/A | 4.3 MEDIUM |
|
Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
|
|||||
| CVE-2025-21104 | 1 Dell | 1 Networker | 2026-02-13 | N/A | 4.3 MEDIUM |
|
Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.
|
|||||
| CVE-2025-43914 | 1 Dell | 1 Data Domain Operating System | 2026-02-12 | N/A | 7.5 HIGH |
|
Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
|
|||||
| CVE-2026-21417 | 1 Dell | 1 Cloudboost Virtual Appliance | 2026-02-06 | N/A | 7.0 HIGH |
|
Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
|||||
| CVE-2025-46644 | 1 Dell | 1 Data Domain Operating System | 2026-02-05 | N/A | 6.0 MEDIUM |
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command executio ...
Show More |
|||||
| CVE-2025-46676 | 1 Dell | 1 Data Domain Operating System | 2026-02-05 | N/A | 2.7 LOW |
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
|
|||||
| CVE-2025-46643 | 1 Dell | 1 Data Domain Operating System | 2026-02-05 | N/A | 2.3 LOW |
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain a Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
|
|||||
| CVE-2025-46645 | 1 Dell | 1 Data Domain Operating System | 2026-02-05 | N/A | 6.5 MEDIUM |
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execut ...
Show More |
|||||
| CVE-2025-46696 | 1 Dell | 1 Secure Connect Gateway | 2026-02-03 | N/A | 6.4 MEDIUM |
|
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
|||||
| CVE-2025-46699 | 1 Dell | 1 Data Protection Advisor | 2026-01-28 | N/A | 4.3 MEDIUM |
|
Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
|
|||||
| CVE-2026-22278 | 1 Dell | 1 Powerscale Onefs | 2026-01-28 | N/A | 8.1 HIGH |
|
Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
|
|||||
| CVE-2026-22279 | 1 Dell | 1 Powerscale Onefs | 2026-01-28 | N/A | 4.3 MEDIUM |
|
Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
|
|||||
| CVE-2026-22280 | 1 Dell | 1 Powerscale Onefs | 2026-01-28 | N/A | 5.0 MEDIUM |
|
Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains an incorrect permission assignment for critical resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
|
|||||
| CVE-2026-22281 | 1 Dell | 1 Powerscale Onefs | 2026-01-28 | N/A | 3.5 LOW |
|
Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service.
|
|||||
| CVE-2025-29987 | 1 Dell | 4 Data Domain Operating System, Powerprotect Data Domain, Powerprotect Dm5500 and 1 more | 2026-01-22 | N/A | 8.8 HIGH |
|
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.
|
|||||
| CVE-2025-36589 | 1 Dell | 2 Unisphere For Powermax, Unisphere For Powermax Virtual Appliance | 2026-01-22 | N/A | 7.6 HIGH |
|
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.
|
|||||
| CVE-2024-37143 | 1 Dell | 5 Data Lakehouse, Insightiq, Powerflex Appliance Intelligent Catalog and 2 more | 2026-01-22 | N/A | 10.0 CRITICAL |
|
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exp ...
Show More |
|||||
| CVE-2024-37144 | 1 Dell | 5 Data Lakehouse, Insightiq, Powerflex Appliance Intelligent Catalog and 2 more | 2026-01-22 | N/A | 8.2 HIGH |
|
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit ...
Show More |
|||||
| CVE-2024-51539 | 1 Dell | 1 Secure Connect Gateway | 2026-01-21 | N/A | 2.3 LOW |
|
The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data.
|
|||||
| CVE-2025-46363 | 1 Dell | 1 Secure Connect Gateway | 2026-01-21 | N/A | 4.3 MEDIUM |
|
Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources.
|
|||||
| CVE-2025-43990 | 1 Dell | 1 Command Monitor | 2026-01-21 | N/A | 7.3 HIGH |
|
Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
|
|||||