# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2022-24413 | 367 | | | 2022-04-12 | 2022-04-20 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. |
2 | CVE-2021-43590 | 312 | | | 2022-03-04 | 2022-03-12 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. |
3 | CVE-2021-36286 | 22 | | Dir. Trav. | 2021-09-28 | 2021-10-01 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows NTFS feature called symbolic links. Symbolic links can be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point, allows for the exploitation. The SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction, which allows non-privileged users to create junction points and delete arbitrary files on the system that can be accessed only by the admin. |
4 | CVE-2021-21543 | 79 | | Exec Code XSS | 2021-04-30 | 2021-05-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
5 | CVE-2021-21542 | 79 | | Exec Code XSS | 2021-04-30 | 2021-05-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
6 | CVE-2021-21515 | 79 | | XSS | 2021-03-01 | 2021-03-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to hijack user sessions or to trick a victim application user into unknowingly sending arbitrary requests to the server. |
7 | CVE-2021-21512 | 200 | | +Info | 2021-02-19 | 2021-02-25 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. |
8 | CVE-2020-35170 | 79 | | XSS | 2021-01-05 | 2021-01-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject JavaScript code and affect other authenticated users’ sessions. |
9 | CVE-2020-29497 | 79 | | Exec Code XSS | 2021-01-04 | 2021-01-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
10 | CVE-2020-29496 | 79 | | Exec Code XSS | 2021-01-04 | 2021-01-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
11 | CVE-2020-5317 | 79 | | Exec Code XSS | 2020-02-06 | 2020-02-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. |
12 | CVE-2019-18588 | 79 | | XSS | 2020-01-10 | 2020-01-22 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject JavaScript code and affect other authenticated users' sessions. |
13 | CVE-2019-18571 | 79 | | Exec Code XSS | 2019-12-18 | 2020-08-31 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending a crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application. |
14 | CVE-2019-3770 | 79 | | Exec Code XSS | 2020-03-13 | 2020-03-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
15 | CVE-2019-3769 | 79 | | Exec Code XSS | 2020-03-13 | 2020-03-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. |
16 | CVE-2019-3761 | 79 | | Exec Code XSS | 2019-09-11 | 2020-08-31 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would get executed by the web browser in the context of the vulnerable web application. |
17 | CVE-2019-3750 | 59 | | | 2019-12-03 | 2019-12-10 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly. |
18 | CVE-2019-3749 | 59 | | | 2019-12-03 | 2019-12-10 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. |
19 | CVE-2018-15772 | 400 | | | 2018-11-13 | 2019-02-04 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume a large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI. |
20 | CVE-2018-11076 | | | +Info | 2018-11-26 | 2020-08-24 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users. |
21 | CVE-2018-11050 | 319 | | | 2018-08-01 | 2019-10-03 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user. |
22 | CVE-2018-1202 | 79 | | XSS | 2018-03-26 | 2018-04-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. |
23 | CVE-2018-1201 | 79 | | XSS | 2018-03-26 | 2018-04-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. |
24 | CVE-2018-1189 | 79 | | XSS | 2018-03-26 | 2018-04-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. |
25 | CVE-2018-1188 | 79 | | XSS | 2018-03-26 | 2018-04-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x are affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. |
26 | CVE-2018-1187 | 79 | | XSS | 2018-03-26 | 2018-04-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 are affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. |
27 | CVE-2018-1186 | 79 | | XSS | 2018-03-26 | 2018-04-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. |
28 | CVE-2011-4436 | 79 | | XSS | 2011-11-12 | 2011-11-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |