CVEdetails.com the ultimate security vulnerability data source

Dell : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-36340 532 2021-11-20 2021-11-23
2.1
None Local Low Not required Partial None None
Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.
2 CVE-2021-36335 20 2021-11-23 2021-11-27
6.5
None Remote Low ??? Partial Partial Partial
Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, leading to execution of arbitrary files on the server.
3 CVE-2021-36334 1236 Exec Code 2021-11-23 2021-11-27
6.0
None Remote Medium ??? Partial Partial Partial
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine.
4 CVE-2021-36333 120 Overflow 2021-11-23 2021-11-27
2.1
None Local Low Not required None None Partial
Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker may potentially exploit this vulnerability, leading to an application crash.
5 CVE-2021-36332 601 2021-11-23 2021-11-27
4.9
None Remote Medium ??? Partial Partial None
Dell EMC CloudLink 7.1 and all prior versions contain an HTML and JavaScript Injection Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites.
6 CVE-2021-36319 668 +Priv 2021-11-20 2021-11-23
2.1
None Local Low Not required Partial None None
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.
7 CVE-2021-36314 2021-11-23 2021-11-27
7.5
None Remote Low Not required Partial Partial Partial
Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system.
8 CVE-2021-36313 78 Exec Code 2021-11-23 2021-11-24
9.0
None Remote Low ??? Complete Complete Complete
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
9 CVE-2021-36312 259 +Priv 2021-11-23 2021-11-24
8.5
None Remote Medium ??? Complete Complete Complete
Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker with the knowledge of the hard-coded credentials may potentially exploit this vulnerability to gain unauthorized access to the system.
10 CVE-2021-36311 863 2021-11-23 2021-11-27
4.6
None Local Low Not required Partial Partial Partial
Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.
11 CVE-2021-36310 400 DoS 2021-11-20 2021-11-23
6.8
None Remote Low ??? None None Complete
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.
12 CVE-2021-36309 200 +Info 2021-10-01 2021-10-08
4.0
None Remote Low ??? Partial None None
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.
13 CVE-2021-36308 288 Bypass 2021-11-20 2021-11-23
9.3
None Remote Medium Not required Complete Complete Complete
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.
14 CVE-2021-36307 269 +Priv 2021-11-20 2021-11-23
8.5
None Remote Medium ??? Complete Complete Complete
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system.
15 CVE-2021-36306 287 Bypass 2021-11-20 2021-11-23
9.3
None Remote Medium Not required Complete Complete Complete
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.
16 CVE-2021-36305 863 DoS 2021-11-12 2021-11-17
4.0
None Remote Low ??? None None Partial
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.
17 CVE-2021-36301 787 Overflow 2021-11-23 2021-11-29
6.5
None Remote Low ??? Partial Partial Partial
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.
18 CVE-2021-36300 89 Sql 2021-11-23 2021-11-26
6.4
None Remote Low Not required Partial None Partial
iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure.
19 CVE-2021-36299 89 DoS Sql 2021-11-23 2021-11-27
5.5
None Remote Low ??? Partial None Partial
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application.
20 CVE-2021-36297 426 2021-09-28 2021-10-07
4.4
None Local Medium Not required Partial Partial Partial
SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,
21 CVE-2021-36286 22 Dir. Trav. 2021-09-28 2021-10-01
3.6
None Local Low Not required None Partial Partial
Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point, allows for the exploitation. The SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction, which allows non-privileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.
22 CVE-2021-36282 755 +Priv 2021-08-16 2021-08-25
2.1
None Local Low Not required Partial None None
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions.
23 CVE-2021-36281 732 2021-08-16 2021-08-25
6.5
None Remote Low ??? Partial Partial Partial
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges.
24 CVE-2021-36280 732 2021-08-16 2021-08-25
2.1
None Local Low Not required Partial None None
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
25 CVE-2021-36279 732 2021-08-16 2021-08-24
7.2
None Local Low Not required Complete Complete Complete
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
26 CVE-2021-36278 532 2021-08-16 2021-08-25
2.1
None Local Low Not required Partial None None
Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insertion of sensitive information into log files vulnerability. This means a malicious actor with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges can access privileged information.
27 CVE-2021-36277 347 Exec Code 2021-08-09 2021-08-17
7.2
None Local Low Not required Complete Complete Complete
Dell Command Update, Dell Update, and Alienware Update versions prior to 4.3 contain an Improper Certificate Verification vulnerability. A local authenticated malicious user could exploit this vulnerability by modifying local configuration files in order to execute arbitrary code on the system.
28 CVE-2021-36276 552 DoS 2021-08-09 2021-08-17
4.6
None Local Low Not required Partial Partial Partial
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
29 CVE-2021-21601 532 2021-08-10 2021-08-18
2.1
None Local Low Not required Partial None None
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
30 CVE-2021-21600 772 DoS 2021-08-10 2021-08-18
4.0
None Remote Low ??? None None Partial
Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path.
31 CVE-2021-21599 78 2021-08-16 2021-08-25
4.6
None Local Low Not required Partial Partial Partial
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
32 CVE-2021-21596 200 Exec Code +Info 2021-08-09 2021-08-13
5.8
None Local Network Low Not required Partial Partial Partial
Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges.
33 CVE-2021-21595 77 2021-08-16 2021-08-25
4.6
None Local Low Not required Partial Partial Partial
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
34 CVE-2021-21594 598 2021-08-16 2021-08-25
5.0
None Remote Low Not required Partial None None
Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity.
35 CVE-2021-21592 755 2021-08-16 2021-08-25
4.0
None Remote Low ??? Partial None None
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure.
36 CVE-2021-21591 200 +Priv +Info 2021-07-12 2021-07-14
4.6
None Local Low Not required Partial Partial Partial
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
37 CVE-2021-21590 200 +Priv +Info 2021-07-12 2021-07-14
4.6
None Local Low Not required Partial Partial Partial
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
38 CVE-2021-21589 2021-07-12 2021-07-14
4.6
None Local Low Not required Partial Partial Partial
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges.
39 CVE-2021-21588 345 2021-07-12 2021-07-14
4.3
None Remote Medium Not required None Partial None
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server, which may lead to configuration changes.
40 CVE-2021-21587 200 +Info 2021-07-15 2021-07-31
2.1
None Local Low Not required Partial None None
Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders.
41 CVE-2021-21586 22 Dir. Trav. 2021-07-15 2021-07-31
6.8
None Remote Low ??? Complete None None
Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.
42 CVE-2021-21585 78 Exec Code 2021-08-09 2021-08-13
9.0
None Remote Low ??? Complete Complete Complete
Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands.
43 CVE-2021-21584 200 +Info 2021-08-09 2021-08-13
4.0
None Remote Low ??? Partial None None
Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials.
44 CVE-2021-21581 79 XSS 2021-08-03 2021-08-09
4.3
None Remote Medium Not required None Partial None
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
45 CVE-2021-21580 74 2021-08-03 2021-08-09
4.3
None Remote Medium Not required None Partial None
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.
46 CVE-2021-21579 601 2021-08-03 2021-08-09
5.8
None Remote Medium Not required Partial Partial None
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
47 CVE-2021-21578 601 2021-08-03 2021-08-09
5.8
None Remote Medium Not required Partial Partial None
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
48 CVE-2021-21577 79 XSS 2021-08-03 2021-08-09
4.3
None Remote Medium Not required None Partial None
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
49 CVE-2021-21576 79 XSS 2021-08-03 2021-08-09
4.3
None Remote Medium Not required None Partial None
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
50 CVE-2021-21570 78 2021-09-28 2021-10-01
4.0
None Remote Low ??? Partial None None
Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.
Total number of vulnerabilities: 328 (page 1 of 7)