Dell Security Vulnerabilities (CVEs)

Dell VNX2 file storage systems running version 8.1.21.266 or earlier contain an unauthenticated remote code execution vulnerability. Attackers can exe...

Dell PowerScale OneFS versions 8.2.x through 9.2.x contain weak cryptographic algorithms that could allow a remote attacker without privileges to gain...

Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability that allows authenticated admin users to uploa...

Dell BIOS contains an improper input validation vulnerability in System Management Mode (SMM). A local authenticated attacker can exploit this via Sys...

CVE-2022-24421 is a BIOS vulnerability in Dell systems where improper input validation allows a local authenticated attacker to execute arbitrary code...

This CVE describes an improper input validation vulnerability in Dell BIOS that allows a local authenticated malicious user to exploit System Manageme...

Dell VNX2 OE for File versions 8.1.21.266 and earlier contain a sensitive information disclosure vulnerability that allows local malicious users to re...

Dell VNX2 OE for File versions 8.1.21.266 and earlier contain an authenticated remote code execution vulnerability. A malicious user with valid creden...

This CVE describes a stack-based buffer overflow vulnerability in Dell iDRAC9 and iDRAC8 remote management controllers. An authenticated attacker with...

Dell BIOS contains an improper input validation vulnerability that allows a local authenticated malicious user to exploit System Management Interrupt ...

Dell EMC System Update versions 1.9.2 and earlier store user credentials insecurely, allowing local attackers with user privileges to read passwords. ...

Dell EMC AppSync versions 3.9 to 4.3 transmit sensitive session information via GET request query strings, which can be intercepted by adjacent attack...

Dell EMC AppSync versions 3.9 to 4.3 have an authentication rate limiting vulnerability that allows adjacent unauthenticated attackers to perform pass...

Dell PowerPath Management Appliance versions 2.6 through 3.2 use hard-coded cryptographic keys, allowing local high-privileged malicious users to decr...

CVE-2021-36328 is a SQL injection vulnerability in Dell EMC Streaming Data Platform that allows remote attackers to execute arbitrary SQL commands. Th...

Dell EMC Streaming Data Platform versions before 1.3 contain an insufficient session expiration vulnerability that allows remote unauthenticated attac...

Dell EMC CloudLink versions 7.1 and earlier contain an arbitrary file creation vulnerability that allows remote unauthenticated attackers to create ar...

This SQL injection vulnerability in Dell iDRAC9 allows authenticated low-privilege users to execute arbitrary SQL commands. Attackers could potentiall...

CVE-2021-36306 is an authentication bypass vulnerability in Dell Networking OS10's RESTCONF API that allows remote unauthenticated attackers to gain u...

Dell Networking X-Series switches with firmware versions before 3.0.1.8 contain an authentication bypass vulnerability. Remote attackers can forge ses...

Dell EMC Secure Connect Gateway (SCG) versions 5.00.00.10 and earlier contain a sensitive information disclosure vulnerability. A local malicious user...

Dell EMC InsightIQ versions before 4.1.4 use weak cryptographic algorithms in SSH, allowing unauthenticated attackers to bypass authentication and gai...

Dell BIOS contains an improper input validation vulnerability that allows a local authenticated attacker to execute arbitrary code in SMRAM via System...

Dell SupportAssist Client Consumer versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability. Attackers can exploit NTFS symbolic li...

Dell PowerScale OneFS versions 8.2.2 through 9.1.0.x have a vulnerability where sensitive data can be exposed through GET requests containing sensitiv...

Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 expose sensitive information in log files. Local users with specific privileges (ISI_PR...

Dell EMC PowerScale OneFS versions 8.2.x through 9.2.x contain an incorrect permission assignment vulnerability that allows users with SSH or console ...

This vulnerability allows authenticated users with SSH or console login privileges on Dell PowerScale OneFS systems to elevate their privileges beyond...

Dell EMC Data Protection Search and IDPA contain an information exposure vulnerability where sensitive user credentials are logged in plain text. A lo...

This vulnerability allows a local authenticated malicious user to execute arbitrary code on systems running vulnerable versions of Dell Command | Upda...

Dell PowerScale OneFS versions 8.1.0 through 9.1.0 contain an incorrect user management vulnerability that allows CompAdmin users to elevate privilege...

This vulnerability allows attackers to spoof their UID over NFS to gain write access to the admin home directory on affected Dell Isilon/PowerScale sy...

This vulnerability allows a locally authenticated low-privileged user to load arbitrary DLLs through Dell SupportAssist, leading to privilege escalati...

Dell EMC Repository Manager (DRM) version 3.2 stores proxy server passwords in plain text in a local database. This allows any authenticated local use...

This XXE vulnerability in Dell EMC Avamar Server and IDPA allows remote unauthenticated attackers to cause denial of service or information disclosure...

CVE-2021-21558 is an information disclosure vulnerability in Dell EMC NetWorker backup software where local administrators can read LDAP credentials f...

CVE-2021-21549 is a Cross-Site Request Forgery (CSRF) vulnerability in Dell EMC XtremIO XMS management software. It allows attackers to trick authenti...

CVE-2021-21505 is a critical vulnerability in Dell EMC Integrated System for Microsoft Azure Stack Hub where an undocumented default iDRAC account exi...