Dell Security Vulnerabilities (CVEs)

This OS command injection vulnerability in Dell Unity storage systems allows low-privileged local attackers to execute arbitrary commands with elevate...

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. A low-privileged attacker with local access can execute arbitr...

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. A low-privileged attacker with local access can execute arbitr...

This OS command injection vulnerability in Dell Unity storage systems allows attackers with local access to execute arbitrary commands with elevated p...

This vulnerability allows a low-privileged attacker with local access to execute arbitrary operating system commands on Dell Unity systems, potentiall...

CVE-2024-49601 is an OS command injection vulnerability in Dell Unity storage systems that allows unauthenticated remote attackers to execute arbitrar...

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. A low-privileged attacker with local access can execute arbitr...

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. A low-privileged attacker with local access can execute arbitr...

This OS command injection vulnerability in Dell Unity storage systems allows low-privileged local attackers to execute arbitrary commands with elevate...

A stack-based buffer overflow vulnerability in Dell Chassis Management Controller firmware allows unauthenticated remote attackers to execute arbitrar...

Dell Secure Connect Gateway (SCG) 5.0 Appliance versions 5.26 expose sensitive system information to unauthorized actors. A high-privileged attacker w...

Dell ThinOS 2408 and earlier versions have an improper permissions vulnerability that allows local low-privileged attackers to elevate their privilege...

This vulnerability allows a low-privileged attacker with local access to Dell SmartFabric OS10 switches to execute arbitrary code via command injectio...

Dell SmartFabric OS10 Software contains a default password vulnerability that allows low-privileged attackers with remote access to gain unauthorized ...

Dell SmartFabric OS10 Software contains an incorrect privilege assignment vulnerability (CWE-266) that allows local low-privileged attackers to elevat...

This CVE describes a command injection vulnerability in Dell SmartFabric OS10 Software that allows low-privileged local attackers to execute arbitrary...

This CVE describes a command injection vulnerability in Dell SmartFabric OS10 Software that allows high-privileged attackers with local access to exec...

Dell SmartFabric OS10 Software contains an improper privilege management vulnerability (CWE-269) where a low-privileged attacker with local access cou...

Dell SmartFabric OS10 Software versions 10.5.6.x contain a hard-coded password vulnerability. An unauthenticated attacker with local access could expl...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Dell SmartFabric OS10 Software. A high-privileged attacker with remote access...

This CVE describes a command injection vulnerability in Dell SmartFabric OS10 Software that allows low-privileged local attackers to execute arbitrary...

Dell SmartFabric OS10 Software contains an execution with unnecessary privileges vulnerability that allows low-privileged remote attackers to elevate ...

Dell NetWorker Management Console versions prior to 19.11.0.4 and version 19.12 contain an open redirect vulnerability that allows unauthenticated att...

This CVE describes a command injection vulnerability in Dell ThinOS versions 2411 and earlier. A low-privileged attacker with local access can execute...

Dell Recover Point for Virtual Machines 6.0.X has weak file system permissions that allow local low-privileged attackers to access non-sensitive resou...

Dell Client Platform BIOS contains a weak authentication vulnerability that allows high-privileged attackers with local access to elevate their privil...

Dell SupportAssist OS Recovery versions before 5.5.13.1 contain a symbolic link attack vulnerability that allows local low-privileged attackers to del...

Dell BSAFE SSL-J contains an improper certificate verification vulnerability that could allow a remote attacker to intercept or manipulate encrypted c...

Dell UCC Edge version 2.3.0 contains a blind Server-Side Request Forgery (SSRF) vulnerability in the Add Customer SFTP Server functionality. Unauthent...

Dell Avamar versions 19.4+ have an access token reuse vulnerability in the AUI (Avamar User Interface). A local attacker with low privileges could exp...

This vulnerability allows a local malicious user with low privileges on Dell PowerProtect DD systems to escalate their privileges through improper acc...

A local path traversal vulnerability in Dell PowerProtect DD allows low-privileged users to overwrite OS files, potentially causing denial of service....

This CVE describes an unquoted search path vulnerability in Dell NetWorker that allows local attackers with low privileges to execute arbitrary code. ...

Dell Networking Switches running Enterprise SONiC OS versions before 4.4.1 and 4.2.3 have a vulnerability where sensitive information can be inserted ...

Dell Display Manager versions before 2.3.2.20 contain a race condition vulnerability that allows a local malicious user to delete arbitrary files or f...

Dell VxRail versions 8.0.000 through 8.0.311 store passwords in plaintext, allowing high-privileged attackers with local access to read sensitive cred...

Dell VxRail versions 7.0.000 through 7.0.532 store passwords in plaintext, allowing a high-privileged attacker with local access to read sensitive cre...

Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability that allows remote low-privileged at...

Dell Update Package Framework versions before 22.01.02 contain a local privilege escalation vulnerability. A local low-privileged attacker can exploit...

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.x have incorrect permissions on critical system resources. A local authenticated attacker could e...

An arithmetic overflow vulnerability in Dell ECS retention period handling allows authenticated users with bucket/object access to bypass retention po...

Dell NativeEdge version 2.1.0.0 contains a temporary file creation vulnerability with insecure permissions. A high-privileged attacker with local acce...

Dell NativeEdge version 2.1.0.0 contains a metadata exposure vulnerability that allows unauthenticated remote attackers to access sensitive informatio...

Dell NativeEdge version 2.1.0.0 contains an execution with unnecessary privileges vulnerability (CWE-250). A low-privileged attacker with local access...

Dell Inventory Collector Client versions before 12.7.0 have a path traversal vulnerability where low-privilege local attackers can exploit improper li...

Dell AppSync version 4.6.0.x contains a symbolic link following vulnerability that allows local low-privileged attackers to tamper with files by manip...

Dell RecoverPoint for VMs versions 6.0.x contain a broken cryptographic algorithm vulnerability in SSH that allows unauthenticated remote attackers to...

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS command injection vulnerability that allows low-privileged remote attackers to execute arb...