CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Dell : Security Vulnerabilities (CVSS score between 3 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-24413 367 2022-04-12 2022-04-20
3.3
None Local Medium Not required None Partial Partial
Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss.
2 CVE-2022-24411 668 2022-04-12 2022-04-20
4.6
None Local Low Not required Partial Partial Partial
Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees.
3 CVE-2022-23160 269 2022-04-12 2022-04-20
4.0
None Remote Low ??? None Partial None
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files.
4 CVE-2022-23159 401 2022-04-12 2022-04-20
4.0
None Remote Low ??? None None Partial
Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.
5 CVE-2022-23156 287 2022-04-01 2022-04-08
4.6
None Local Low Not required Partial Partial Partial
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server.
6 CVE-2022-22560 798 2022-04-12 2022-04-20
4.9
None Local Low Not required None None Complete
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline.
7 CVE-2022-22550 522 2022-04-12 2022-04-20
4.6
None Local Low Not required Partial Partial Partial
Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over.
8 CVE-2021-43590 312 2022-03-04 2022-03-12
3.6
None Local Low Not required Partial Partial None
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
9 CVE-2021-36349 918 2022-01-24 2022-01-28
4.0
None Remote Low ??? Partial None None
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.
10 CVE-2021-36339 269 2022-01-21 2022-01-28
4.6
None Local Low Not required Partial Partial Partial
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.
11 CVE-2021-36332 601 2021-11-23 2021-11-27
4.9
None Remote Medium ??? Partial Partial None
Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites.
12 CVE-2021-36329 639 2021-11-30 2021-12-02
4.0
None Remote Low ??? Partial None None
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information.
13 CVE-2021-36326 757 2021-11-30 2021-12-01
4.3
None Remote Medium Not required Partial None None
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format.
14 CVE-2021-36318 522 2021-12-21 2022-01-05
4.6
None Local Low Not required Partial Partial Partial
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
15 CVE-2021-36311 2021-11-23 2022-04-25
4.6
None Local Low Not required Partial Partial Partial
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.
16 CVE-2021-36309 200 +Info 2021-10-01 2021-10-08
4.0
None Remote Low ??? Partial None None
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.
17 CVE-2021-36305 863 DoS 2021-11-12 2021-11-17
4.0
None Remote Low ??? None None Partial
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.
18 CVE-2021-36297 426 2021-09-28 2021-10-07
4.4
None Local Medium Not required Partial Partial Partial
SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,
19 CVE-2021-36286 22 Dir. Trav. 2021-09-28 2021-10-01
3.6
None Local Low Not required None Partial Partial
Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.
20 CVE-2021-36276 DoS 2021-08-09 2022-04-25
4.6
None Local Low Not required Partial Partial Partial
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
21 CVE-2021-21600 772 DoS 2021-08-10 2021-08-18
4.0
None Remote Low ??? None None Partial
Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path.
22 CVE-2021-21599 78 2021-08-16 2021-08-25
4.6
None Local Low Not required Partial Partial Partial
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
23 CVE-2021-21595 77 2021-08-16 2021-08-25
4.6
None Local Low Not required Partial Partial Partial
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
24 CVE-2021-21592 755 2021-08-16 2021-08-25
4.0
None Remote Low ??? Partial None None
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure.
25 CVE-2021-21591 200 +Priv +Info 2021-07-12 2021-07-14
4.6
None Local Low Not required Partial Partial Partial
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
26 CVE-2021-21590 200 +Priv +Info 2021-07-12 2021-07-14
4.6
None Local Low Not required Partial Partial Partial
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
27 CVE-2021-21589 2021-07-12 2021-07-14
4.6
None Local Low Not required Partial Partial Partial
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges.
28 CVE-2021-21588 345 2021-07-12 2021-07-14
4.3
None Remote Medium Not required None Partial None
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead to configuration changes.
29 CVE-2021-21584 200 +Info 2021-08-09 2021-08-13
4.0
None Remote Low ??? Partial None None
Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials.
30 CVE-2021-21581 79 XSS 2021-08-03 2021-08-09
4.3
None Remote Medium Not required None Partial None
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
31 CVE-2021-21580 74 2021-08-03 2021-08-09
4.3
None Remote Medium Not required None Partial None
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.
32 CVE-2021-21577 79 XSS 2021-08-03 2021-08-09
4.3
None Remote Medium Not required None Partial None
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
33 CVE-2021-21576 79 XSS 2021-08-03 2021-08-09
4.3
None Remote Medium Not required None Partial None
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
34 CVE-2021-21570 78 2021-09-28 2021-10-01
4.0
None Remote Low ??? Partial None None
Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.
35 CVE-2021-21569 22 Dir. Trav. 2021-09-28 2021-10-01
4.0
None Remote Low ??? Partial None None
Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.
36 CVE-2021-21568 2021-08-16 2022-05-03
4.0
None Remote Low ??? None Partial None
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change.
37 CVE-2021-21567 269 2021-08-10 2022-04-26
4.6
None Local Low Not required Partial Partial Partial
Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.
38 CVE-2021-21563 754 DoS 2021-08-03 2021-08-11
4.0
None Remote Low ??? None None Partial
Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges to trigger a denial of service event.
39 CVE-2021-21551 863 DoS 2021-05-04 2021-05-27
4.6
None Local Low Not required Partial Partial Partial
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
40 CVE-2021-21544 669 2021-04-30 2021-05-10
4.0
None Remote Low ??? None Partial None
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.
41 CVE-2021-21543 79 Exec Code XSS 2021-04-30 2021-05-10
3.5
None Remote Medium ??? None Partial None
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
42 CVE-2021-21542 79 Exec Code XSS 2021-04-30 2021-05-10
3.5
None Remote Medium ??? None Partial None
Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
43 CVE-2021-21541 79 Exec Code XSS 2021-04-30 2021-05-10
4.3
None Remote Medium Not required None Partial None
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.
44 CVE-2021-21539 367 +Priv 2021-04-30 2021-05-10
4.6
None Remote High ??? Partial Partial Partial
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.
45 CVE-2021-21533 20 DoS 2021-04-02 2021-04-08
4.0
None Remote Low ??? None None Partial
Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details
46 CVE-2021-21531 669 Bypass 2021-04-30 2021-05-10
4.6
None Local Low Not required Partial Partial Partial
Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.
47 CVE-2021-21529 400 DoS 2021-04-02 2021-04-08
4.9
None Local Low Not required None None Complete
Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application.
48 CVE-2021-21515 79 XSS 2021-03-01 2021-03-08
3.5
None Remote Medium ??? None Partial None
Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server.
49 CVE-2021-21514 22 Dir. Trav. 2021-03-02 2021-03-09
4.0
None Remote Low ??? Partial None None
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.
50 CVE-2021-21512 200 +Info 2021-02-19 2021-02-25
3.6
None Local Low Not required Partial Partial None
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.
Total number of vulnerabilities : 114   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.