Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-7270

Summary
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
Published At-10 Apr, 2017 | 03:00
Updated At-06 Aug, 2024 | 07:43
Rejected At-
Credits

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:certcc
Assigner Org ID:37e5125f-f79b-445b-8fad-9564f167944b
Published At:10 Apr, 2017 | 03:00
Updated At:06 Aug, 2024 | 07:43
Rejected At:
▼CVE Numbering Authority (CNA)

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

Affected Products
Vendor
n/a
Product
Dell Integrated Remote Access Controller (iDRAC)
Versions
Affected
  • Dell Integrated Remote Access Controller (iDRAC)
Problem Types
TypeCWE IDDescription
textN/Adirectory traversal
Type: text
CWE ID: N/A
Description: directory traversal
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/97521
vdb-entry
x_refsource_BID
http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/97521
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/97521
vdb-entry
x_refsource_BID
x_transferred
http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/97521
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cret@cert.org
Published At:10 Apr, 2017 | 03:59
Updated At:20 Apr, 2025 | 01:37

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Dell Inc.
dell
>>integrated_remote_access_controller_firmware>>Versions up to 2.20.20.20(inclusive)
cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>integrated_remote_access_controller_7>>-
cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>integrated_remote_access_controller_8>>-
cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>integrated_remote_access_controller_firmware>>Versions up to 1.99(inclusive)
cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>integrated_remote_access_controller_6>>-
cpe:2.3:h:dell:integrated_remote_access_controller_6:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://en.community.dell.com/techcenter/extras/m/white_papers/20441859cret@cert.org
Vendor Advisory
http://www.securityfocus.com/bid/97521cret@cert.org
Third Party Advisory
VDB Entry
http://en.community.dell.com/techcenter/extras/m/white_papers/20441859af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/97521af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
Source: cret@cert.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/97521
Source: cret@cert.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/97521
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

120Records found
CVE-2019-3744
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 19:13
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryAlienware Digital DeliveryDell Digital Delivery
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-4983
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-04 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_data_domain_osEMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0
CVE-2019-3704
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.39%
||
7 Day CHG~0.00%
Published-07 Feb, 2019 | 19:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-emc_vnx2_firmwareemc_vnx2VNX Control Station in Dell EMC VNX2 OE for File
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36289
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.60%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Action-Not Available
Vendor-Dell Inc.
Product-vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX Control Station
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-36311
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.04% / 9.61%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 20:00
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-285
Improper Authorization
CVE-2021-36276
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.37%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Action-Not Available
Vendor-Dell Inc.
Product-dbutildrv2.sys_firmwaredbutil
CWE ID-CWE-285
Improper Authorization
CVE-2021-36339
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.85%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 20:15
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_applianceunisphere_for_powermaxvasasolutions_enabler_virtual_appliancepowermax_ossolutions_enablerunisphere_360Solutions Enabler vApp
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2021-36293
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.13% / 33.36%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36318
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.85%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.

Action-Not Available
Vendor-Dell Inc.
Product-emc_avamar_serverAvamar
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-3742
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.56%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 19:12
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryAlienware Digital DeliveryDell Digital Delivery
CVE-2019-3741
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.61%
||
7 Day CHG~0.00%
Published-18 Jul, 2019 | 15:47
Updated-16 Sep, 2024 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentUnity
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2021-21595
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.14% / 34.19%
||
7 Day CHG-0.05%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-21599
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.22% / 44.47%
||
7 Day CHG-0.08%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36290
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.11% / 30.44%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-15778
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 22:00
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2019-019: Dell Networking OS10 OS Command Injection Vulnerability

Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Dell Networking OS10
CWE ID-CWE-20
Improper Input Validation
CVE-2018-15776
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.72% / 71.64%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 22:00
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iDRAC7, iDRAC8 - Improper Error Handling

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.

Action-Not Available
Vendor-Dell Inc.
Product-idrac7_firmwareidrac8_firmwareiDRAC
CVE-2020-29502
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstoreemc_powerstore_firmwarePowerStore
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-5316
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.43%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:00
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-29500
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstoreemc_powerstore_firmwarePowerStore
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-29489
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.47%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2018-11063
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.49%
||
7 Day CHG~0.00%
Published-10 Aug, 2018 | 20:00
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2018-11064
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.95%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 21:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentDell EMC UnityVSADell EMC Unity
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-11072
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.48%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 13:00
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-26191
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-6856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.62%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.

Action-Not Available
Vendor-n/aDell Inc.
Product-pre-boot_authentication_drivern/a
CVE-2015-0949
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.55%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 20:45
Updated-06 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Action-Not Available
Vendor-HPDell Inc.HP Inc.
Product-latitude_e6430elitebook_850_g1latitude_e6430_firmwareelitebook_850_g1_firmwareLatitude E6430EliteBook 850 G1
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-29085
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.10% / 28.94%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentunityvsa_operating_environmentunity_xt_operating_environmentUnity
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-24411
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.49%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 17:50
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-23156
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.57%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_device_agentDell Wyse Device Agent
CWE ID-CWE-287
Improper Authentication
CVE-2020-26192
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-21589
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 11.94%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CVE-2021-21531
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 21:10
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_applianceunisphere_for_powermaxsolutions_enabler_virtual_appliancepowermax_ossolutions_enablerUnisphere for PowerMax
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2022-22550
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.82%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 17:50
Updated-17 Sep, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-549
Missing Password Field Masking
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2012-3537
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.24% / 46.87%
||
7 Day CHG~0.00%
Published-05 Sep, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.

Action-Not Available
Vendor-n/aDell Inc.
Product-crowbarn/a
CVE-2020-26194
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-17 Sep, 2024 | 02:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-21591
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 31.26%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21503
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.29%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 21:44
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21590
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 31.26%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21567
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.91%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-21551
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-65.23% / 98.41%
||
7 Day CHG~0.00%
Published-04 May, 2021 | 15:15
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-21||Apply updates per vendor instructions.

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5521inspiron_7706_2-in-1latitude_5520vostro_5391precision_5720_aiooptiplex_7770_aioprecision_5820_xl_towerlatitude_3440vostro_14_3458latitude_5495latitude_5401latitude_e7440xps_13_9360inspiron_3157optiplex_3046latitude_12_rugged_tablet_7212inspiron_5520vostro_3591inspiron_3880vostro_3900optiplex_7440_aiolatitude_e5540latitude_14_rugged_extreme_7414precision_3560precision_3420_towerwyse_5070precision_3520inspiron_5584inspiron_1545chengming_3990latitude_e7270_wyse_tcvostro_3584latitude_7390_2-in-1inspiron_3168latitude_3480latitude_7380inspiron_5590vostro_260inspiron_one_19inspiron_7501optiplex_7060latitude_3310_2-in-1latitude_3310latitude_7400precision_3540vostro_14_5471inspiron_7359inspiron_5548latitude_rugged_5420inspiron_5482alienware_asm100r2inspiron_7391_2-in-1latitude_12_rugged_extreme_7214precision_m6600vostro_5490inspiron_5490_aiolatitude_3490inspiron_3581precision_t7610vostro_3800thunderbolt_dock_tb18dcvostro_3560precision_3550latitude_3160optiplex_3090_ultralatitude_e6540inspiron_15-3552latitude_5420latitude_7320inspiron_3670xps_15_9560inspiron_7500_2-in-1_silverinspiron_7390optiplex_5270_aiooptiplex_7460_all-in-onelatitude_7290precision_t5600vostro_270sinspiron_5406_2-in-1inspiron_5391inspiron_3790inspiron_3520latitude_3120inspiron_3590inspiron_5737latitude_e5420xps_8700optiplex_5250_all-in-onevostro_5390latitude_e5570vostro_3900gprecision_3530latitude_e5270inspiron_5443inspiron_7591optiplex_7080latitude_3560latitude_5491vostro_3400optiplex_7040dbutilprecision_7520latitude_7420vostro_1550inspiron_5409inspiron_15_gaming_7566latitude_xt3g7_7790vostro_15_7570latitude_rugged_extreme_tablet_7220latitude_3301latitude_3410inspiron_2330optiplex_7071inspiron_14_5468inspiron_24-5475inspiron_5481_2-in-1precision_t7910vostro_5480inspiron_5498vostro_3010inspiron_3656precision_t5810inspiron_620xps_9530latitude_5490vostro_7590optiplex_5050latitude_3470latitude_7200_2-in-1latitude_3480_mobile_thin_clientvostro_3501xps_8940optiplex_fx130precision_7920_towerg3_3500precision_m4600vostro_20_3052optiplex_3011_aiooptiplexlatitude_e6530latitude_e6440vostro_3590xps_17_9700canvas_27latitude_3300precision_7550inspiron_3252optiplex_7760_aioinspiron_3501latitude_3390precision_t3500inspiron_7537vostro_3901inspiron_24-3452xps_12_9250xps_13_9380inspiron_7300vostro_5301vostro_5401optiplex_9020precision_7530latitude_7285inspiron_7490inspiron_7548latitude_e5470inspiron_17_5767chengming_3980precision_7710inspiron_5509alienware_m14xr2vostro_3481xps_9550latitude_5591latitude_3330inspiron_3481xps_13_9305inspiron_3780vostro_3669inspiron_14_gaming_7466inspiron_5537latitude_e6330optiplex_3280_aioprecision_3551xps_8900latitude_e5430inspiron_5598latitude_7400_2in1vostro_3881optiplex_7450_all-in-oneinspiron_7506_2-in-1precision_3930_xl_racklatitude_rugged_7424inspiron_5493inspiron_7558latitude_5510inspiron_5448xps_13_9310_2-in-1inspiron_7737vostro_3470inspiron_3881vostro_7500inspiron_5400_aioinspiron_3793wyse_5470vostro_3580optiplex_5040precision_3541precision_5530_2-in-1inspiron_5323inspiron_580sprecision_5510inspiron_15_7572inspiron_5423precision_3510inspiron_7437vostro_230vostro_2521xps_9350inspiron_3043inspiron_5400_2-in-1latitude_3500g7_7590latitude_e6230inspiron_7500_2-in-1_blackinspiron_15-5559latitude_3190_2-in-1chengming_3991inspiron_3443vostro_5890g7_7700precision_m6700xps_13_7390_2-in-1inspiron_3471inspiron_17-5759latitude_5288latitude_3510xps_15_9575_2-in-1optiplex_5055optiplex_3080inspiron_3437inspiron_7590_2-in-1precision_t7810optiplex_3030_aiowyse_7040_thin_clientlatitude_3450precision_3620_towerinspiron_14_gaming_7467inspiron_15zinspiron_5408inspiron_20-3052latitude_e7470xps_13_9300inspiron_3480optiplex_xe3latitude_3460_wyse_tclatitude_5300_2-in-1vostro_3500alienware_m15_r4inspiron_7380inspiron_3543precision_3930_rackinspiron_14-5459inspiron_5543g3_3579inspiron_7720optiplex_5480_aiovostro_15_3561vostro_3668embedded_box_pc_5000vostro_5581precision_5550vostro_5402xps_13_9370latitude_5280latitude_5175vostro_5880vostro_5590latitude_3150latitude_5480xps_13_9343vostro_3267xps_13_9365_2-in-1latitude_7370vostro_13_5370inspiron_3580vostro_3905precision_t1700g5_5090inspiron_5583latitude_e6220dock_wd15optiplex_990inspiron_3521inspiron_13_5370inspiron_1210inspiron_7591_2-in-1inspiron_5508optiplex_7090_ultravostro_3252inspiron_7559optiplex_3010precision_3640latitude_e6320inspiron_14-3452latitude_e7270vostro_3902dock_wd19latitude_5250xps_13_7390inspiron_5580inspiron_3490inspiron_7586inspiron_3781latitude_7280optiplex_7020optiplex_5055_ryzen_cpulatitude_3380optiplex_7050inspiron_1564precision_7510inspiron_3646vostro_14-3446precision_3440alienware_14latitude_7300precision_t3610precision_3240_cffg3_3779precision_7820_towerlatitude_rugged_5424latitude_9510precision_5530precision_t7500optiplex_3070g5_5500precision_7730optiplex_xe2inspiron_24-3455latitude_5511inspiron_3593latitude_7490latitude_e7270_mobile_thin_clientoptiplex_7480_aiothunderbolt_dock_tb16latitude_5320latitude_5580vostro_5300vostro_5591latitude_5290_2-in-1xps_27_7760inspiron_7580precision_5540xps_13_9310xps_one_2710vostro_3660latitude_5179inspiron_7790inspiron_3584latitude_5450vostro_3583inspiron_3647latitude_7210_2_in_1inspiron_5402latitude_3460inspiron_3671inspiron_3147vostro_3471inspiron_3542precision_3630_towerlatitude_e5530inspiron_14_7460alienware_m17xr4inspiron_7746vostro_270inspiron_3470inspiron_5301vostro_3888inspiron_660slatitude_5501inspiron_5676latitude_3570vostro_15_5568inspiron_5490latitude_7389precision_5820_towervostro_3070precision_7540vostro_5502inspiron_3268inspiron_3655inspiron_15_7560vostro_5491inspiron_3442precision_m4700inspiron_5491_aiolatitude_5300vostro_5501inspiron_5348latitude_7275latitude_7390inspiron_15_5567precision_7920_xl_towerlatitude_3580g5_5590inspiron_11-3162inspiron_5494g15_5510latitude_5285_2-in-1g7_7588precision_3430_towervostro_14-5459vostro_20_3055inspiron_3583inspiron_7368latitude_3350inspiron_5390optiplex_3050_aioinspiron_7472latitude_5200latitude_9410inspiron_1122chengming_3988inspiron_3537optiplex_9010optiplex_fx170inspiron_15_5566optiplex_3050inspiron_7500optiplex_5080optiplex_7010latitude_3190inspiron_5576inspiron_5570inspiron_5593latitude_e5440optiplex_5070latitude_7310optiplex_7070_ultraoptiplex_780xps_15_9570latitude_5400vostro_3671latitude_7480latitude_3400latitude_3550inspiron_3891vostro_3490optiplex_790latitude_5285precision_t5610vostro_3491latitude_7520latitude_5550precision_7720precision_7750latitude_5410vostro_3268vostro_3480inspiron_7386inspiron_7786vostro_5090inspiron_5480alienware_m18xr2latitude_14_rugged_extreme_7404vostro_5410vostro_3667latitude_5280_mobile_thin_clientlatitude_7410latitude_3590optiplex_5060inspiron_5577latitude_7350gaming_g3_3590g5_5587chengming_3977xps_7590vostro_470precision_t3600precision_7820_xl_towerinspiron_5591_2-in-1latitude_5310_2-in-1latitude_14_rugged_5414inspiron_15_gaming_7577optiplex_9030_aioinspiron_7391chengming_3967latitude_e7450latitude_3340precision_5520inspiron_5300precision_t7600latitude_5290vostro_5481cheng_ming_3967latitude_e7250inspiron_15_5582_2-in-1latitude_rugged_extreme_tablet_7220exlatitude_3180inspiron_7590latitude_12_7285inspiron_15_gaming_7567g5_5000inspiron_5502vostro_3890vostro_3681optiplex_3040inspiron_15-5565xps_15_9500latitude_e7240inspiron_7791inspiron_660latitude_5500optiplex_5055_ryzen_apualienware_asm100optiplex_7070optiplex_3020vostro_3401optiplex_5260_all-in-oneprecision_t5500wyse_5470_all-in-onealienware_17_51m_r2latitude_rugged_extreme_7424vostro_3690vostro_1450inspiron_3847precision_3431_towerinspiron_7306_2-in-1latitude_5590vostro_220sinspiron_one_2020latitude_3189latitude_e6430_atgprecision_17_m5750inspiron_7300_2-in-1inspiron_5401vostro_3670precision_7740g7_7500inspiron_3421latitude_e6430latitude_5289vostro_14_5468optiplex_5055_a-serialoptiplex_390inspiron_5491_2-in-1latitude_5488vostro_3581inspiron_7520vostro_15_7580optiplex_3060inspiron_7700inspiron_5485_2-in-1inspiron_5770precision_r5500inspiron_5594inspiron_5749precision_3430_xlinspiron_3048inspiron_7400inspiron_5501alienware_area_51inspiron_3493optiplex_3240_all-in-onelatitude_5411optiplex_7780_aiolatitude_5310inspiron_3668dbutildbutil Driver
CWE ID-CWE-782
Exposed IOCTL with Insufficient Access Control
CVE-2020-29501
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstoreemc_powerstore_firmwarePowerStore
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-51534
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.08% / 25.45%
||
7 Day CHG~0.00%
Published-01 Feb, 2025 | 04:02
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DD
CWE ID-CWE-29
Path Traversal: '\..\filename'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3304
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.09% / 90.39%
||
7 Day CHG~0.00%
Published-30 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

Action-Not Available
Vendor-n/aDell Inc.
Product-equallogic_ps4000_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3720
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-5.15% / 89.48%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 20:17
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory Traversal Vulnerability

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_server_administratorOpen Manage System Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-1841
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.80% / 73.02%
||
7 Day CHG~0.00%
Published-22 Mar, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter.

Action-Not Available
Vendor-quantumn/aDell Inc.
Product-powervault_ml6000powervault_ml6000_firmwarescalar_i500powervault_ml6020scalar_i500_firmwarepowervault_ml6010powervault_ml6030n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-14384
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-4.83% / 89.11%
||
7 Day CHG~0.00%
Published-16 Mar, 2018 | 20:00
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37129
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.31%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:47
Updated-13 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system.

Action-Not Available
Vendor-Dell Inc.
Product-inventory_collectorDell Inventory Collectorsupportassist_for_business_pcscommand_updatesupportassist_for_home_pcsupdatealienware_update
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-28977
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.06% / 17.36%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 08:08
Updated-21 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM) repository_manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-0329
Matching Score-6
Assigner-Flexera Software LLC
ShareView Details
Matching Score-6
Assigner-Flexera Software LLC
CVSS Score-5||MEDIUM
EPSS-0.26% / 48.63%
||
7 Day CHG~0.00%
Published-21 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter.

Action-Not Available
Vendor-n/aDell Inc.
Product-dellsystemlite.scanner_activex_controln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-28976
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.38%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 08:01
Updated-21 Jan, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM) repository_manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found