Dell Security Vulnerabilities (CVEs)

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability that allows a local high-privileged atta...

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 use broken or risky cryptographic algorithms, allowing unprivileged network attackers to potent...

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability that allows a local high-privilege attac...

This CVE describes a session hijacking vulnerability in iDRAC9's IPMI interface that allows remote attackers to take over authenticated sessions. Succ...

Dell PowerProtect DD management console contains a relative path traversal vulnerability that allows authenticated high-privilege attackers to send un...

Dell PowerProtect DD versions before 8.0 contain an OS command injection vulnerability in an admin operation. A remote attacker with low privileges ca...

Dell PowerProtect Data Domain systems using weak cryptographic algorithms are vulnerable to man-in-the-middle attacks. Remote unauthenticated attacker...

Dell PowerProtect DD versions contain an out-of-bounds write vulnerability that allows low-privileged remote attackers to execute arbitrary code. This...

This SSRF vulnerability in Dell PowerProtect DD allows remote attackers with high privileges to make the server send requests to internal systems, pot...

Dell PowerEdge Server BIOS contains a Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability that allows a local low-privileged attacker to p...

Dell Secure Connect Gateway (SCG) versions before 5.24.00.00 have an improper access control vulnerability in an internal update REST API. A remote lo...

CVE-2024-37131 is an overly permissive Cross-Origin Resource Policy (CORP) vulnerability in Dell Secure Connect Gateway Policy Manager. This allows re...

Dell Secure Connect Gateway (SCG) versions before 5.24.00.00 have an improper access control vulnerability in an internal REST API. A remote low-privi...

Dell Secure Connect Gateway (SCG) versions before 5.24.00.00 have an improper access control vulnerability in an internal maintenance REST API. If an ...

Dell Client Platform BIOS contains an improper input validation vulnerability in an externally developed component. A high-privileged attacker with lo...

Dell Client Platform BIOS contains an improper input validation vulnerability in an externally developed component. A high-privileged attacker with lo...

Dell Common Event Enabler versions 8.9.10.0 and earlier contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attack...

Dell Client BIOS contains an out-of-bounds write vulnerability that allows a local authenticated malicious user with admin privileges to potentially c...

Dell OpenManage Server Administrator (OMSA) versions 11.0.1.0 and prior contain a local privilege escalation vulnerability via XSL hijacking. A local ...

Dell BIOS contains a missing integrity check vulnerability that allows attackers with physical access to bypass security mechanisms and execute arbitr...

Dell Data Protection Advisor versions 19.9 contain an inadequate encryption strength vulnerability (CWE-326). A low-privileged attacker with remote ac...

Dell BIOS contains an improper input validation vulnerability that allows a local authenticated malicious user with admin privileges to execute arbitr...

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contain a resource allocation vulnerability where an attacker can cause denial of service by exha...

This CVE describes a privilege escalation vulnerability in Dell PowerScale OneFS where local high-privileged users can execute commands with unnecessa...

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain a path traversal vulnerability where an attacker with local high privileges can control f...

CVE-2024-24908 is a path traversal vulnerability in Dell PowerProtect DM5500 that allows authenticated high-privilege attackers to delete arbitrary fi...

Dell OpenManage Enterprise versions 4.1.0 and older contain a cross-site scripting (XSS) vulnerability that allows high-privileged attackers with remo...

Dell Repository Manager versions before 3.4.5 contain a path traversal vulnerability in the API module. A local attacker with low privileges can explo...

Dell Alienware Command Center versions before 6.2.7.0 have a path traversal vulnerability where local attackers can place malicious files in the appli...

Dell PowerScale OneFS contains a UNIX symbolic link following vulnerability that allows local high-privileged attackers to manipulate symbolic links t...

Dell PowerScale OneFS versions 9.5.0.x through 9.7.0.x have an insufficient session expiration vulnerability that allows remote unauthenticated attack...

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x transmit sensitive information in cleartext, allowing a local low-privileged attacker to interc...

Dell vApp Manager versions prior to 9.2.4.9 contain a command injection vulnerability (CWE-78) that allows authorized attackers to execute arbitrary c...

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x log sensitive information that could be accessed by local low-privileged users. This vulnerabil...

Dell InsightIQ version 5.0 has an improper access control vulnerability that allows remote low-privileged attackers to gain unauthorized access to mon...

Dell PowerScale OneFS versions 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability that allows remote unauthenticated attackers to p...

A heap-based buffer overflow vulnerability in Dell PowerEdge Server BIOS allows local high-privileged attackers to write to unauthorized memory. This ...

This vulnerability allows a local low-privileged attacker on affected Dell PowerEdge and Precision Rack servers to perform arbitrary writes to SMRAM (...

A buffer overflow vulnerability in Dell Digital Delivery allows local low-privileged attackers to execute arbitrary code or escalate privileges. This ...

Dell Display and Peripheral Manager for macOS contains an improper access control vulnerability that allows low-privileged users to modify files in th...

CVE-2024-22426 is an unauthenticated remote OS command injection vulnerability in Dell RecoverPoint for Virtual Machines. An attacker can execute arbi...

This vulnerability in Dell SupportAssist allows locally authenticated users to escalate privileges and execute arbitrary code with Windows system-leve...

This vulnerability in Dell SupportAssist for Home PCs allows local attackers to escalate privileges during first-time installations. Only users who pe...

Dell PowerProtect Data Manager versions 19.15 and earlier contain an OS command injection vulnerability that allows remote authenticated high-privileg...

This CVE describes an OS command injection vulnerability in Dell Unity's svc_dc utility that allows authenticated attackers to execute arbitrary comma...

This CVE describes an OS command injection vulnerability in Dell Unity's svc_udoctor utility. Authenticated local attackers can execute arbitrary oper...

This CVE describes an OS command injection vulnerability in Dell Unity's svc_nas utility that allows authenticated attackers to escape the restricted ...