Dell Security Vulnerabilities (CVEs)

Dell RecoverPoint for Virtual Machines 6.0.x has an authentication rate limiting vulnerability that allows attackers to perform brute-force or diction...

This vulnerability allows a high-privileged attacker with local access to execute arbitrary code on Dell systems due to improper input validation in a...

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability that allows a low-privileged attacker with local a...

Dell VxVerify versions before x.40.405 store passwords in plain text within shell wrapper files. A local high-privileged attacker can read these crede...

Dell Client Platform Firmware Update Utility has an Improper Link Resolution vulnerability (CWE-61) that allows a high-privileged attacker with local ...

This SQL injection vulnerability in Dell Avamar allows unauthenticated remote attackers to execute arbitrary commands on affected systems. It affects ...

This SQL injection vulnerability in Dell Avamar allows low-privileged remote attackers to execute arbitrary SQL commands, potentially leading to scrip...

Dell OpenManage Server Administrator (OMSA) versions 11.0.1.0 and prior contain an improper input validation vulnerability that allows remote low-priv...

Dell Power Manager versions before 3.17 have an improper access control vulnerability that allows local low-privileged attackers to execute arbitrary ...

Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.x contain an incorrect argument specification vulnerability that allows remote low-privileged leg...

Dell PowerScale OneFS versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. A low-privilege remote attacker cou...

Dell NetWorker versions 19.10 contain an authorization bypass vulnerability where an unauthenticated attacker can manipulate user-controlled keys to a...

Dell NetWorker Management Console versions 19.11 contain an improper cryptographic signature verification vulnerability. An unauthenticated attacker w...

Dell Wyse Management Suite versions 4.4 and earlier contain an authentication bypass vulnerability where attackers can replay captured authentication ...

Dell Wyse Management Suite versions 4.4 and earlier have a vulnerability where attackers with high privileges and remote access can bypass protection ...

This vulnerability allows a high-privileged attacker with local access to exploit shared microarchitectural structures during transient execution, pot...

This CVE describes a command injection vulnerability in Dell SmartFabric OS10 Software that allows a low-privileged attacker with local access to exec...

Dell SmartFabric OS10 Software contains a command injection vulnerability that allows low-privileged attackers with local access to execute arbitrary ...

Dell SmartFabric OS10 Software contains a privilege escalation vulnerability where low-privileged local attackers can execute commands with elevated p...

Dell PowerProtect Data Domain has a local privilege escalation vulnerability where authenticated low-privileged users can execute unauthorized command...

Dell Data Lakehouse versions 1.0.0.0 and 1.1.0 contain an improper access control vulnerability that allows unauthenticated attackers on adjacent netw...

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS versions 5.24 has an improper certificate validation vulnerability. A low-privileged attacker wi...

Dell Secure Connect Gateway 5.24 has incorrect default file permissions that allow local low-privileged attackers to access the file system. This coul...

Dell OpenManage Enterprise versions 4.1 and earlier contain a code injection vulnerability that allows authenticated attackers with low privileges to ...

This CVE describes a command injection vulnerability in Dell SmartFabric OS10 Software that allows low-privileged remote attackers to execute arbitrar...

Dell SmartFabric OS10 Software contains an uncontrolled resource consumption vulnerability that allows remote unauthenticated attackers to cause denia...

CVE-2024-39583 is a cryptographic vulnerability in Dell PowerScale InsightIQ versions 5.0 through 5.1 that allows unauthenticated remote attackers to ...

Dell PowerScale InsightIQ version 5.1 contains an improper privilege management vulnerability that allows a high-privileged attacker with local access...

CVE-2024-39581 is a directory traversal vulnerability in Dell PowerScale InsightIQ versions 5.0 through 5.1 that allows unauthenticated remote attacke...

Dell ThinOS versions 2402 and 2405 contain a command injection vulnerability that allows unauthenticated attackers with physical access to execute arb...

This vulnerability allows a low-privileged attacker with remote access to execute arbitrary commands on Dell SmartFabric OS10 networking devices throu...

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A local high-privileged attacker could...

Dell Client Platform BIOS contains a vulnerability where default cryptographic keys are used, allowing a high-privileged attacker with local access to...

CVE-2023-22576 is a local privilege escalation vulnerability in Dell Repository Manager versions 3.4.2 and earlier. A local low-privileged attacker ca...

Dell SupportAssist for Home PCs Installer version 4.0.3 contains a local privilege escalation vulnerability where a low-privileged authenticated attac...

Dell BIOS contains an improper input validation vulnerability in an externally developed component that allows a high-privileged attacker with local a...

Dell Command | Update, Dell Update, and Alienware Update UWP applications contain an exposed dangerous method vulnerability in versions prior to 5.4. ...

CVE-2024-38490 is an out-of-bounds write vulnerability in Dell iDRAC Service Module versions 5.3.0.0 and earlier. A privileged local attacker could ex...

CVE-2024-25948 is an out-of-bounds write vulnerability in Dell iDRAC Service Module versions 5.3.0.0 and earlier. A privileged local attacker could ex...

Dell iDRAC Service Module versions 5.3.0.0 and earlier contain an out-of-bounds read vulnerability that could allow a privileged local attacker to exe...

Dell Inventory Collector versions before 12.3.0.6 contain a path traversal vulnerability that allows local authenticated users to write files to arbit...

Dell Peripheral Manager versions before 1.7.6 have a DLL hijacking vulnerability where attackers can place malicious DLLs in locations the software se...

Dell Peripheral Manager versions before 1.7.6 have a DLL hijacking vulnerability where attackers can place malicious DLLs in locations the application...

This vulnerability allows an unauthenticated attacker with local access to read memory outside intended bounds in Dell BSAFE cryptographic libraries. ...

Dell ECS versions before 3.8.1 contain a privilege elevation vulnerability in user management. A remote attacker with high privileges could exploit th...

This vulnerability allows a local authenticated user with high privileges to perform an out-of-bounds write in Dell Edge Gateway BIOS, potentially lea...

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high-privileged attacker with local ...