Dell Security Vulnerabilities (CVEs)

This vulnerability allows authenticated attackers to execute arbitrary operating system commands with root privileges on Dell Unity storage systems. I...

This vulnerability allows authenticated attackers to escape the restricted shell in Dell Unity's svc_cava utility and execute arbitrary operating syst...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands with elevated privileges on Dell Unity storage system...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands with elevated privileges on Dell Unity storage system...

Dell Display Manager version 2.1.1.17 contains a privilege escalation vulnerability where low-privileged users can execute arbitrary code during insta...

Dell Data Protection Search versions 19.2.0 and above expose LDAP passwords in plain text through the LdapSettings.get_ldap_info function. This allows...

This vulnerability in Dell BSAFE cryptographic libraries allows attackers to potentially bypass security controls or decrypt sensitive data when crypt...

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x have incorrect default permissions that allow local low-privileged users to cause denial of servi...

This CVE describes an OS command injection vulnerability in Dell PowerProtect DD's administrator CLI. A remote attacker with high privileges can execu...

Dell vApp Manager versions prior to 9.2.4.x contain a command injection vulnerability (CWE-78) that allows remote authenticated users with high privil...

Dell vApp Manager versions prior to 9.2.4.x contain a command injection vulnerability (CWE-78) that allows remote attackers with high privileges to ex...

CVE-2023-48660 is an arbitrary file read vulnerability in Dell vApp Manager that allows remote attackers to read arbitrary files from the target syste...

This vulnerability allows a local malicious user with low privileges on Dell PowerProtect DD systems to escalate their privileges, potentially gaining...

This CVE describes an OS command injection vulnerability in Dell PowerProtect DD's CLI that allows local low-privileged attackers to execute arbitrary...

Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contain an improper resource lifetime control vulnerability. An unauthenticated network attacke...

Dell PowerProtect Data Manager DM5500 appliances running version 5.14.0.0 and earlier contain an improper authentication vulnerability (CWE-287). Remo...

CVE-2023-44305 is a stack-based buffer overflow vulnerability in Dell DM5500 appliances that allows unauthenticated remote attackers to crash services...

Dell DM5500 5.14.0.0 contains an OS command injection vulnerability that allows authenticated attackers with high privileges to execute arbitrary oper...

Dell Command | Monitor versions before 10.10.0 contain an improper access control vulnerability that allows a local standard user to escalate privileg...

Dell Command | Configure versions before 4.11.0 have an improper access control vulnerability that allows local malicious users to modify files during...

Dell Unity storage systems prior to version 5.3 contain a man-in-the-middle vulnerability in the vmadapter component. Attackers can spoof vCenter cert...

This vulnerability in Dell OS Recovery Tool allows local authenticated non-administrator users to bypass access controls and gain elevated privileges ...

Dell ELab-Navigator version 3.1.9 contains hard-coded credentials that allow local attackers to gain unauthorized access to sensitive data. This vulne...

Dell PowerScale OneFS versions 8.2.x through 9.5.0.x contain an improper permission handling vulnerability that allows low-privileged remote attackers...

This vulnerability in Dell OpenManage Server Administrator allows local low-privileged users to execute arbitrary code and elevate privileges due to i...

Dell SmartFabric Storage Software v1.4 and earlier contains an OS command injection vulnerability in the CLI's 'more' command. Authenticated attackers...

Dell SmartFabric Storage Software v1.4 and earlier contain an OS command injection vulnerability in the CLI. An authenticated local attacker can injec...

This vulnerability in Dell Common Event Enabler allows local low-privileged users to bypass access controls and gain elevated privileges on affected W...

Dell NetWorker 19.7 has an improper authorization vulnerability in its client component. An unauthenticated attacker on the same network can manipulat...

CVE-2023-3039 is an improper access control vulnerability in SD ROM Utility that allows low-privileged users to execute arbitrary code with limited ac...

This vulnerability allows a local malicious user to exploit insecure deserialization in Dell Alienware Command Center to execute arbitrary code on the...

Dell PowerScale OneFS versions 8.2.2.x through 9.5.0.x contain an improper privilege management vulnerability. A remote attacker with low privileges c...

Dell PowerScale OneFS versions 8.2.x through 9.5.0.x contain a local privilege escalation vulnerability. A low-privileged local attacker could exploit...

Dell PowerScale OneFS versions 8.2x through 9.5x contain a local privilege escalation vulnerability. A local attacker with existing high privileges ca...

Dell PowerScale OneFS versions 9.5.0.x have a vulnerability where SNMPv3 logs sensitive information that low-privilege users can access. This allows u...

Dell PowerScale OneFS versions 9.5.0.x contain a protection mechanism bypass vulnerability that allows unprivileged remote attackers to potentially ex...

Dell PowerScale OneFS 9.5.x contains a local privilege escalation vulnerability that allows low-privileged local attackers to gain higher privileges o...

Dell XtremIO X2 XMS versions before 6-4-1.11 have an improper access control vulnerability where remote read-only users can perform add/delete QoS pol...

Dell BIOS contains an authentication bypass vulnerability that allows a local attacker with physical or administrative access to bypass security contr...

This vulnerability allows attackers to bypass cryptographic signature verification in Dell PowerStore storage systems. By tricking a high-privileged u...

CVE-2023-32465 is an authentication bypass vulnerability in Dell PowerProtect Cyber Recovery that allows attackers to gain unauthorized admin access t...

This vulnerability in Dell OS Recovery Tool allows local authenticated non-administrator users to elevate their privileges on the system. It affects v...

CVE-2023-28079 is an insecure file and folder permissions vulnerability in Dell PowerPath for Windows that allows non-admin users to escalate privileg...

Dell Display Manager versions 2.1.0 and earlier contain a privilege escalation vulnerability during installation. A local attacker with low privileges...

Dell Trusted Device Agent versions before 5.3.0 have improper installation permissions that allow an unauthenticated local attacker to escalate privil...

Dell PowerScale OneFS versions 8.2.x through 9.5.0.x contain a local privilege escalation vulnerability. A low-privileged local attacker could exploit...

This vulnerability allows a local malicious user with high privileges to exploit improper SMM communication buffer verification in Dell PowerEdge and ...