| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score (CVSS v2) | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|--------|--------|---------------|-----------------------|--------------|-------------|-----------------|---------------------|--------|------------|----------------|-------|--------|--------|-------------|
| 1 | CVE-2022-29094 | 22 | | Dir. Trav. | 2022-06-10 | 2022-06-17 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. An authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. |
| 2 | CVE-2022-29093 | 22 | | Dir. Trav. | 2022-06-10 | 2022-06-17 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. An authenticated non-admin user could exploit the issue and delete arbitrary files on the system. |
| 3 | CVE-2022-29091 | 79 | | Exec Code XSS | 2022-05-26 | 2022-06-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in the Unisphere GUI. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
| 4 | CVE-2022-29085 | 522 | | +Priv | 2022-06-02 | 2022-06-13 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
| 5 | CVE-2022-29082 | 295 | | | 2022-05-26 | 2022-06-08 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None | Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x, 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x, 19.5.0.x, 19.6, 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability on the RabbitMQ port (5671), which could allow remote attackers to spoof certificates. |
| 6 | CVE-2022-26866 | 79 | | Exec Code XSS | 2022-06-02 | 2022-06-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
| 7 | CVE-2022-26856 | 522 | | | 2022-04-21 | 2022-05-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with the privileges of the compromised account. |
| 8 | CVE-2022-26855 | 276 | | DoS | 2022-04-08 | 2022-04-14 | 2.1 | None | Local | Low | Not required | None | None | Partial | Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. |
| 9 | CVE-2022-24414 | 200 | | +Info | 2022-05-26 | 2022-06-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In Dell EMC CloudLink 7.1.3 and all earlier versions, the auth token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attacks. |
| 10 | CVE-2022-24413 | 367 | | | 2022-04-12 | 2022-04-20 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. |
| 11 | CVE-2022-24411 | 668 | | | 2022-04-12 | 2022-04-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees. |
| 12 | CVE-2022-23163 | 668 | | DoS | 2022-04-12 | 2022-04-20 | 2.1 | None | Local | Low | Not required | None | None | Partial | Dell PowerScale OneFS 8.2.x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. |
| 13 | CVE-2022-23160 | 269 | | | 2022-04-12 | 2022-04-20 | 4.0 | None | Remote | Low | ??? | None | Partial | None | Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. A remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files. |
| 14 | CVE-2022-23159 | 401 | | | 2022-04-12 | 2022-04-20 | 4.0 | None | Remote | Low | ??? | None | None | Partial | Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends updating at the earliest opportunity. |
| 15 | CVE-2022-23158 | 200 | | +Info | 2022-04-01 | 2022-04-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privileges could potentially exploit this vulnerability, provide incorrect port information and connect to a valid WMS server. |
| 16 | CVE-2022-23157 | 200 | | +Info | 2022-04-01 | 2022-04-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server. |
| 17 | CVE-2022-23156 | 287 | | | 2022-04-01 | 2022-04-08 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to the WMS server. |
| 18 | CVE-2022-22563 | | | | 2022-04-08 | 2022-04-14 | 2.1 | None | Local | Low | Not required | None | Partial | None | Dell EMC PowerScale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to avoid recording information identifying the source of account information changes. |
| 19 | CVE-2022-22560 | 798 | | | 2022-04-12 | 2022-04-20 | 4.9 | None | Local | Low | Not required | None | None | Complete | Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard-coded credentials. This allows a local user with knowledge of the credentials to log in as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. |
| 20 | CVE-2022-22554 | 522 | | | 2022-01-24 | 2022-01-28 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC System Update, version 1.9.2 and prior, contains an Unprotected Storage of Credentials vulnerability. A local attacker with user privileges could potentially exploit this vulnerability, leading to the disclosure of user passwords. |
| 21 | CVE-2022-22550 | 522 | | | 2022-04-12 | 2022-04-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account takeover. |
| 22 | CVE-2021-43590 | 312 | | | 2022-03-04 | 2022-03-12 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. |
| 23 | CVE-2021-36349 | 918 | | | 2022-01-24 | 2022-01-28 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts. |
| 24 | CVE-2021-36341 | 200 | | +Info | 2021-12-21 | 2021-12-27 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information. |
| 25 | CVE-2021-36340 | 532 | | | 2021-11-20 | 2021-11-23 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC SCG 5.00.00.10 and earlier contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. |
| 26 | CVE-2021-36339 | 269 | | | 2022-01-21 | 2022-01-28 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. |
| 27 | CVE-2021-36333 | 120 | | Overflow | 2021-11-23 | 2021-11-27 | 2.1 | None | Local | Low | Not required | None | None | Partial | Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker may potentially exploit this vulnerability, leading to an application crash. |
| 28 | CVE-2021-36332 | 601 | | | 2021-11-23 | 2021-11-27 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None | Dell EMC CloudLink 7.1 and all prior versions contain an HTML and JavaScript Injection Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, directing end users to arbitrary and potentially malicious websites. |
| 29 | CVE-2021-36329 | 639 | | | 2021-11-30 | 2021-12-02 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. |
| 30 | CVE-2021-36326 | 757 | | | 2021-11-30 | 2021-12-01 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Dell EMC Streaming Data Platform, versions prior to 1.3, contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade of the communications between the client and server into an unencrypted format. |
| 31 | CVE-2021-36319 | 668 | | +Priv | 2021-11-20 | 2021-11-23 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. |
| 32 | CVE-2021-36318 | 522 | | | 2021-12-21 | 2022-01-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3 and 19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. |
| 33 | CVE-2021-36317 | 256 | | | 2021-12-21 | 2022-01-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. |
| 34 | CVE-2021-36311 | | | | 2021-11-23 | 2022-04-25 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell EMC NetWorker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload a malicious file to unauthorized locations and execute it. |
| 35 | CVE-2021-36309 | 200 | | +Info | 2021-10-01 | 2021-10-08 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the stored TACACS\Radius credentials to read sensitive information and use it in further attacks. |
| 36 | CVE-2021-36305 | 863 | | DoS | 2021-11-12 | 2021-11-17 | 4.0 | None | Remote | Low | ??? | None | None | Partial | Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context vulnerability in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB. |
| 37 | CVE-2021-36297 | 426 | | | 2021-09-28 | 2021-10-07 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | SupportAssist Client versions 3.8 and 3.9 contain an Untrusted Search Path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking. Exploitation requires a separate administrative action that is not a default part of the SOSInstallerTool.exe installation. |
| 38 | CVE-2021-36286 | 22 | | Dir. Trav. | 2021-09-28 | 2021-10-01 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows NTFS feature called symbolic links. Symbolic links can be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as an NTFS junction point, allows for the exploitation. The SupportAssist clean-files functionality does not distinguish junction points from physical folders and proceeds to clean the target of the junction, which allows non-privileged users to create junction points and delete arbitrary files on the system that can otherwise be accessed only by the admin. |
| 39 | CVE-2021-36282 | 908 | | +Priv | 2021-08-16 | 2022-05-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access to up to 24 bytes of data within the /ifs kernel stack under certain conditions. |
| 40 | CVE-2021-36280 | 732 | | | 2021-08-16 | 2021-08-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. |
| 41 | CVE-2021-36278 | 532 | | | 2021-08-16 | 2022-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third party consumes those logs, the same sensitive information is available to those systems as well. |
| 42 | CVE-2021-36276 | | | DoS | 2021-08-09 | 2022-04-25 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. |
| 43 | CVE-2021-21601 | 532 | | | 2021-08-10 | 2021-08-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. |
| 44 | CVE-2021-21600 | 772 | | DoS | 2021-08-10 | 2021-08-18 | 4.0 | None | Remote | Low | ??? | None | None | Partial | Dell EMC NetWorker, 19.4 or older, contains an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path. |
| 45 | CVE-2021-21599 | 78 | | | 2021-08-16 | 2021-08-25 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts SmartLock WORM compliance mode clusters, where it is a critical vulnerability, and Dell recommends updating/upgrading at the earliest opportunity. |
| 46 | CVE-2021-21595 | 77 | | | 2021-08-16 | 2021-08-25 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts SmartLock WORM compliance mode clusters, where it is a critical vulnerability, and Dell recommends updating/upgrading at the earliest opportunity. |
| 47 | CVE-2021-21592 | 755 | | | 2021-08-16 | 2021-08-25 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure. |
| 48 | CVE-2021-21591 | 200 | | +Priv +Info | 2021-07-12 | 2021-07-14 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
| 49 | CVE-2021-21590 | 200 | | +Priv +Info | 2021-07-12 | 2021-07-14 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
| 50 | CVE-2021-21589 | | | | 2021-07-12 | 2021-07-14 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges. |
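Rows 1, 2 and 38 (CVE-2022-29094, CVE-2022-29093, CVE-2021-36286) describe one bug class: a privileged "clean files" routine walks a directory that a low-privileged user controls, follows a symbolic link or NTFS junction out of it, and so deletes files the user could never touch directly. The example below is added here and is not Dell's code or code from the original page; it shows the check such a cleaner needs, namely never descending into or unlinking through a link, and re-inspecting every entry with `lstat` right before acting. The directory names, the file names and the `demo()` fixture are constructed for illustration.

```python
"""Link-aware directory cleaner: refuses to follow symbolic links, NTFS junctions
and other reparse points, so a user who can plant links in the cleaned directory
cannot redirect a privileged deletion at arbitrary files."""
import os
import shutil
import stat
import tempfile

# Windows attribute bit for junctions, mount points and symlinks; defined locally so
# the module imports on any OS and the check is a no-op where the field is absent.
FILE_ATTRIBUTE_REPARSE_POINT = 0x0400


def is_reparse_point(path: str) -> bool:
    """True if `path` itself (not its target) is a symlink, junction or other reparse point."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # present on Windows only
    return bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)


def clean_dir(root: str) -> dict:
    """Delete regular files beneath `root`, never through a link.

    Returns {"deleted": [...], "skipped": [...]}. Linked subdirectories are pruned
    from the walk (so a junction is never entered) and every file is re-checked
    with lstat immediately before unlink, which narrows the window between the
    directory listing and the delete.
    """
    if is_reparse_point(root):
        raise ValueError(f"refusing to clean through a link: {root}")
    deleted, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(root, topdown=True, followlinks=False):
        kept = []
        for name in dirnames:
            full = os.path.join(dirpath, name)
            if is_reparse_point(full):
                skipped.append(full)
            else:
                kept.append(name)
        dirnames[:] = kept  # os.walk honours in-place edits when topdown=True
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                if is_reparse_point(full):
                    skipped.append(full)
                    continue
                os.unlink(full)
            except FileNotFoundError:
                continue  # vanished between listing and check; nothing to do
            deleted.append(full)
    return {"deleted": deleted, "skipped": skipped}


def demo() -> dict:
    """Constructed fixture: a scratch directory holding one junk file plus two links
    that point outside it, at a file and at a directory the cleaner must not touch.
    Creating symlinks on Windows needs SeCreateSymbolicLinkPrivilege or Developer
    Mode; on POSIX any user can create them."""
    base = tempfile.mkdtemp()
    try:
        outside = os.path.join(base, "outside")
        scratch = os.path.join(base, "scratch")
        os.makedirs(outside)
        os.makedirs(scratch)
        victim = os.path.join(outside, "secret.txt")
        with open(victim, "w") as fh:
            fh.write("must survive")
        with open(os.path.join(scratch, "junk.tmp"), "w") as fh:
            fh.write("junk")
        os.symlink(victim, os.path.join(scratch, "link_to_file"))
        os.symlink(outside, os.path.join(scratch, "link_to_dir"), target_is_directory=True)

        result = clean_dir(scratch)
        result["victim_survived"] = os.path.exists(victim)
        result["junk_deleted"] = not os.path.exists(os.path.join(scratch, "junk.tmp"))
        result["skipped_names"] = sorted(os.path.basename(p) for p in result["skipped"])
        return result
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

The per-entry `lstat` narrows the race (row 10, CVE-2022-24413, is the same time-of-check-to-time-of-use pattern) but does not close it: a directory can still be swapped for a junction between the check and the next `os.walk` descent. The robust fix is handle-relative deletion, on Windows opening each directory with `FILE_FLAG_OPEN_REPARSE_POINT` and deleting by handle, on POSIX opening with `O_NOFOLLOW` and passing `dir_fd` to `os.unlink`; and, independently, running the cleaner under the requesting user's token rather than as SYSTEM, so a redirected delete has no more rights than the user already has.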
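Row 9 (CVE-2022-24414) is about a token carried in the query string of a GET request, which reverse proxies and web servers write to their access logs by default. Two things a practitioner wants after reading that row are a way to find such leaks in existing logs and a way to scrub them before logs are shipped. The example below is added here and is not Dell's or CloudLink's code; the log lines are constructed in combined log format, the token values are made up, and the parameter-name list is an assumption that should be extended with the names an application actually uses.

```python
"""Detect auth tokens leaked through request URLs in web server access logs and
redact them before the lines are stored or shipped."""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in combined log format; the token values are invented.
SAMPLE_LOG = """\
10.0.0.5 - - [26/May/2022:10:12:01 +0000] "GET /api/v1/servers?token=eyJhbGciOiJIUzI1NiJ9.payload.sig HTTP/1.1" 200 512 "-" "curl/7.68.0"
10.0.0.5 - - [26/May/2022:10:12:02 +0000] "GET /api/v1/servers HTTP/1.1" 401 0 "-" "curl/7.68.0"
10.0.0.9 - - [26/May/2022:10:13:45 +0000] "GET /ui/login?next=%2Fdashboard HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [26/May/2022:10:14:10 +0000] "POST /api/v1/session?access_token=0123456789abcdef0123456789abcdef&verbose=1 HTTP/1.1" 200 128 "-" "python-requests/2.27"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# Query parameter names that should never carry a credential in a URL (assumed list).
SENSITIVE_PARAMS = frozenset(
    {"token", "access_token", "auth_token", "api_key", "apikey", "jwt", "session", "sessionid"}
)

_REDACT_RE = re.compile(
    r"([?&](?:" + "|".join(map(re.escape, sorted(SENSITIVE_PARAMS))) + r")=)[^&\s\"]*",
    re.IGNORECASE,
)


def find_leaked_tokens(log_text: str) -> list:
    """Return one finding per sensitive query parameter seen in a request line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name.lower() in SENSITIVE_PARAMS:
                findings.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "method": m["method"],
                    "path": parts.path,
                    "param": name,
                    "token_prefix": value[:4],  # enough to correlate, not enough to replay
                })
    return findings


def redact_line(line: str) -> str:
    """Mask sensitive query values so the stored log no longer contains a usable token."""
    return _REDACT_RE.sub(r"\1[REDACTED]", line)


if __name__ == "__main__":
    for finding in find_leaked_tokens(SAMPLE_LOG):
        print(finding)
    print(redact_line(SAMPLE_LOG.splitlines()[0]))
```

Redaction is a stopgap for logs that already exist; the fix the row itself names is to stop putting the token in the URL and send it in an `Authorization` header instead, which proxies and servers do not log unless explicitly configured to. Every token that appears in a finding should be treated as compromised and revoked.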
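Row 5 (CVE-2022-29082) is a certificate validated for chain and expiry but not for whether its name matches the host the client dialed, so any certificate from a trusted CA can stand in for the RabbitMQ broker on port 5671. The example below is added here and is not Dell's or NetWorker's code; it spells out the hostname-matching step in the dict form that Python's `ssl.SSLSocket.getpeercert()` returns, alongside a stdlib client context that has the check switched on. `BROKER_CERT` is a constructed certificate shaped like `getpeercert()` output, and the wildcard rules follow RFC 6125 section 6.4.3.

```python
"""Hostname verification for a TLS client: the step a 'certificate with host
mismatch' bug leaves out. Works on the dict form returned by ssl.SSLSocket.getpeercert()."""
import ssl
from ipaddress import ip_address


def _dns_id_matches(pattern: str, hostname: str) -> bool:
    """Match one DNS-ID from the certificate against the dialed hostname.
    A wildcard is accepted only as the entire left-most label, must be followed
    by at least two more labels, and never spans a dot."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cert: dict, hostname: str) -> bool:
    """True if `cert` (getpeercert() dict) is valid for `hostname`.

    Uses subjectAltName DNS entries for names and IP Address entries for literal
    addresses; the subject CN is consulted only when the certificate carries no
    SAN at all, which is what current TLS stacks do."""
    san = cert.get("subjectAltName", ())
    dns_ids = [v for k, v in san if k == "DNS"]
    ip_ids = [v for k, v in san if k == "IP Address"]
    try:
        wanted_ip = ip_address(hostname)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        return any(ip_address(v) == wanted_ip for v in ip_ids)
    if dns_ids:
        return any(_dns_id_matches(d, hostname) for d in dns_ids)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_id_matches(value, hostname)
    return False


def amqps_client_context(ca_file: str = None) -> ssl.SSLContext:
    """Client context for an AMQPS (port 5671) connection: the chain and the
    hostname are both verified. check_hostname=True makes the OpenSSL layer apply
    the same matching as cert_matches_host() during the handshake, so a
    CA-signed certificate for some other name is rejected before any AMQP frame."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def context_verifies_hostname(ctx: ssl.SSLContext) -> bool:
    """Pre-flight check for a context handed in by configuration or a library."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


# Constructed certificate, shaped like getpeercert() output; not a real broker cert.
BROKER_CERT = {
    "subject": ((("commonName", "rabbitmq.backup.example"),),),
    "subjectAltName": (
        ("DNS", "rabbitmq.backup.example"),
        ("DNS", "*.backup.example"),
        ("IP Address", "10.1.2.3"),
    ),
}


if __name__ == "__main__":
    print(cert_matches_host(BROKER_CERT, "rabbitmq.backup.example"))
    print(cert_matches_host(BROKER_CERT, "attacker.example"))
    print(context_verifies_hostname(amqps_client_context()))
```

When auditing a client library's AMQPS setup, the thing to look for is `check_hostname = False`, `verify_mode = CERT_NONE`, or a custom verify callback that only checks the chain; any of those reproduces the condition in row 5 regardless of how good the CA bundle is.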