Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-5348

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-03 Apr, 2020 | 23:20
Updated At-17 Sep, 2024 | 03:02
Rejected At-
Credits

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:03 Apr, 2020 | 23:20
Updated At:17 Sep, 2024 | 03:02
Rejected At:
▼CVE Numbering Authority (CNA)

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

Affected Products
Vendor
Dell Inc.Dell
Product
CPG BIOS
Versions
Affected
  • From unspecified before A28 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416: Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416: Use After Free
Metrics
VersionBase scoreBase severityVector
3.16.8MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/article/SLN320792
x_refsource_MISC
Hyperlink: https://www.dell.com/support/article/SLN320792
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/article/SLN320792
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/article/SLN320792
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:04 Apr, 2020 | 00:15
Updated At:06 Apr, 2020 | 18:13

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.8MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Dell Inc.
dell
>>latitude_7202>>-
cpe:2.3:h:dell:latitude_7202:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>latitude_7202_firmware>>Versions before a28(exclusive)
cpe:2.3:o:dell:latitude_7202_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE-416Secondarysecurity_alert@emc.com
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-416
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/article/SLN320792security_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/article/SLN320792
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2038Records found
CVE-2020-5376
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 31.38%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 20:55
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_7347_biosinspiron_7347CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2020-5378
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 31.38%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 20:55
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Action-Not Available
Vendor-Dell Inc.
Product-g7_17_7790_biosg7_17_7790CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2024-0155
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.09% / 25.62%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 13:00
Updated-08 Jan, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (D3)digital_delivery
CWE ID-CWE-416
Use After Free
CVE-2025-21105
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.05% / 14.91%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 12:10
Updated-31 Jul, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for VMs
CWE ID-CWE-284
Improper Access Control
CVE-2015-6856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.08%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.

Action-Not Available
Vendor-n/aDell Inc.
Product-pre-boot_authentication_drivern/a
CVE-2023-32495
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.76%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:00
Updated-08 Oct, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-32450
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.98%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 04:33
Updated-15 Oct, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CVE-2023-32479
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.61%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:09
Updated-22 Aug, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowssecurity_management_serverencryptionendpoint_security_suite_enterpriseDell Security Management Server (Windows)Dell Endpoint Security Suite EnterpriseDell Encryptionsecurity_management_serverencryptionendpoint_security_suite_enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2025-21107
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.96%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 09:15
Updated-07 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationDell Inc.
Product-linux_kernelwindowsnetworkerNetWorker
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-32451
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 9.24%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 07:46
Updated-07 Nov, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-32460
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 05:37
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r7515poweredge_fc430poweredge_t140_firmwarepoweredge_t560_firmwarepoweredge_xr12poweredge_r7515_firmwarepoweredge_fc630poweredge_r760xa_firmwarepoweredge_xe7420poweredge_mx750c_firmwarepoweredge_r530poweredge_m640_\(pe_vrtx\)poweredge_m830_\(pe_vrtx\)emc_xc_core_xc650_firmwarenx3330emc_nx440_firmwarepoweredge_t630_firmwareemc_xc_core_xc940poweredge_r330dss_8440poweredge_xe7440_firmwarepoweredge_t130poweredge_xe9680poweredge_r430poweredge_r840_firmwarepoweredge_t150_firmwarepoweredge_r830poweredge_m630_\(pe_vrtx\)xc730_hyperconverged_appliancepoweredge_c6320poweredge_r350_firmwarepoweredge_r750_firmwarepoweredge_xr8610tpoweredge_r440poweredge_xr4510cpoweredge_c6615poweredge_m830poweredge_r340poweredge_fc640_firmwarepoweredge_c6320_firmwarepoweredge_r750xspoweredge_t640_firmwarepoweredge_r830_firmwarepoweredge_r740xd2poweredge_t550_firmwarepoweredge_xr7620_firmwarepoweredge_r240_firmwarepoweredge_fc830_firmwarenx3230poweredge_r730xdpoweredge_r230poweredge_t350poweredge_fc630_firmwareemc_xc_core_xc740xd2poweredge_r740poweredge_xr2xc_core_xc660_firmwarexc730xd_hyperconverged_appliancepoweredge_r230_firmwarepoweredge_r440_firmwarepoweredge_t150poweredge_r630_firmwarepoweredge_xe9680_firmwarepoweredge_r650xspoweredge_fc830xc430_hyperconverged_applianceemc_xc_core_xc740xd2_firmwarexc_core_xc760poweredge_r730xd_firmwarepoweredge_c6620_firmwareemc_storage_nx3240poweredge_mx840cemc_xc_core_xc740xd_firmwarepoweredge_mx740cpoweredge_r730poweredge_r7525poweredge_t130_firmwaredss_8440_firmwarepoweredge_r6615_firmwareemc_xc_core_xc750xa_firmwareemc_xc_core_xc640_firmwarepoweredge_fc430_firmwareemc_storage_nx3240_firmwarepoweredge_r540_firmwarepoweredge_r740xdpoweredge_r740_firmwarepoweredge_r6415nx430_firmwareemc_xc_core_xc750poweredge_r760xs_firmwarepoweredge_r740xd2_firmwarepoweredge_r940xaemc_xc_core_xc750xapoweredge_t330_firmwarepoweredge_r7625poweredge_r450_firmwarepoweredge_r640poweredge_r7425poweredge_r7615poweredge_r760xd2poweredge_r750xs_firmwarepoweredge_t440_firmwarepoweredge_r930_firmwarenx430poweredge_hs5620_firmwareemc_xc_core_xc6520poweredge_m830_firmwarepoweredge_r7615_firmwarepoweredge_r250poweredge_r6515_firmwarepoweredge_r240poweredge_hs5610_firmwarepoweredge_r430_firmwareemc_xc_core_xc6520_firmwarepoweredge_xr4510c_firmwarepoweredge_r730_firmwarepoweredge_xr8620t_firmwareemc_xc_core_6420_firmwareemc_xc_core_xc450_firmwarexc630_hyperconverged_appliancepoweredge_m640xc730xd_hyperconverged_appliance_firmwarepoweredge_xr8620tpoweredge_t630poweredge_r750poweredge_r650_firmwarepoweredge_m640_\(pe_vrtx\)_firmwarepoweredge_r930xc_core_xc760_firmwarexc6320_hyperconverged_appliance_firmwarepoweredge_xe8640poweredge_t640poweredge_c6520_firmwareemc_xc_core_xc940_firmwareemc_storage_nx3340_firmwarepoweredge_r550_firmwareemc_xc_core_xc750_firmwarexc6320_hyperconverged_appliancepoweredge_r760xd2_firmwarepoweredge_c4140_firmwarexc_core_xc660poweredge_r250_firmwarepoweredge_r760_firmwarepoweredge_r550poweredge_mx840c_firmwarepoweredge_r660_firmwarepoweredge_c6525_firmwarepoweredge_c6525emc_xc_core_xc650emc_xc_core_xc740xdpoweredge_r6625_firmwarepoweredge_r6415_firmwarepoweredge_m830_\(pe_vrtx\)_firmwarepoweredge_r330_firmwarepoweredge_m630xc730_hyperconverged_appliance_firmwarepoweredge_c6615_firmwareemc_xc_core_xc640poweredge_t430_firmwareemc_xc_core_6420poweredge_xe7420_firmwarepoweredge_c6420_firmwarepoweredge_r7415_firmwarepoweredge_fc640poweredge_xe2420_firmwarepoweredge_r7415poweredge_r660poweredge_c4140poweredge_r940_firmwareemc_xc_core_xcxr2_firmwarepoweredge_xr11_firmwarexc430_hyperconverged_appliance_firmwarepoweredge_r860poweredge_r650poweredge_r650xs_firmwarepoweredge_r740xd_firmwarepoweredge_xr11poweredge_t140poweredge_xr12_firmwarepoweredge_xr8610t_firmwarepoweredge_c6620poweredge_xr4520cpoweredge_r7625_firmwarepoweredge_r760xapoweredge_xe9640_firmwareemc_xc_core_xc7525_firmwarepoweredge_t560emc_xc_core_xcxr2poweredge_mx740c_firmwarepoweredge_xr7620poweredge_xr5610_firmwarepoweredge_r640_firmwarepoweredge_t440nx3330_firmwarepoweredge_xr4520c_firmwarepoweredge_r940xa_firmwarepoweredge_r630poweredge_c4130_firmwarepoweredge_r7525_firmwarepoweredge_t330nx440poweredge_mx760c_firmwarepoweredge_r660xspoweredge_r6525poweredge_xe8545_firmwarepoweredge_c4130poweredge_r6615poweredge_mx760cpoweredge_xe9640poweredge_xe8545emc_xc_core_xc7525poweredge_r940poweredge_r750xapoweredge_r540poweredge_t550poweredge_m640_firmwarepoweredge_r660xs_firmwarepoweredge_hs5620poweredge_t340_firmwarepoweredge_r340_firmwarepoweredge_t430poweredge_xr2_firmwarepoweredge_r6515poweredge_xe2420poweredge_r760poweredge_r530_firmwareemc_xc_core_xc450poweredge_r6525_firmwarepoweredge_mx750cpoweredge_c6420poweredge_xe7440poweredge_r960poweredge_m630_firmwarepoweredge_r350emc_storage_nx3340poweredge_xe8640_firmwarepoweredge_r750xa_firmwarepoweredge_r840poweredge_r960_firmwarepoweredge_r760xspoweredge_c6520poweredge_m630_\(pe_vrtx\)_firmwarepoweredge_t340poweredge_xr5610poweredge_r450poweredge_hs5610poweredge_t350_firmwarexc630_hyperconverged_appliance_firmwarepoweredge_r860_firmwarepoweredge_r6625nx3230_firmwarepoweredge_r7425_firmwarePowerEdge Platform
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-3039
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.06% / 18.82%
||
7 Day CHG+0.01%
Published-12 Sep, 2023 | 06:06
Updated-26 Sep, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.

Action-Not Available
Vendor-Dell Inc.
Product-sd_rom_utilitySD ROM Utility
CWE ID-CWE-284
Improper Access Control
CVE-2023-28079
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.08% / 22.85%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:20
Updated-10 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-28047
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.09% / 25.31%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 06:59
Updated-05 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CVE-2023-28070
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.71%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 08:05
Updated-30 Jan, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-28051
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.71%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 07:20
Updated-10 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2025-46685
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.86%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:36
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoverySupportAssist OS Recovery
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CVE-2025-46422
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.61%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 14:19
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-25940
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 30.95%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:14
Updated-11 Feb, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-25542
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.10% / 27.21%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 06:17
Updated-10 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-trusted_device_agent Dell Trusted Device Client
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25543
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.24%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 06:31
Updated-02 Aug, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2023-24575
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.04%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 04:03
Updated-12 Mar, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system

Action-Not Available
Vendor-Dell Inc.
Product-multifunction_printer_e525w_driver_and_software_suiteDell Multifunction Printer E525w Driver and Software Suite
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2024-47476
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.88%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 09:59
Updated-03 Feb, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-networker_management_consoleNetWorker Management Consolenetworker_management_console
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-23696
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.05% / 14.44%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 09:49
Updated-25 Mar, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_intel_vpro_out_of_bandDell Command Intel vPro Out of Band (DCIV)
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-43882
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.78%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 13:51
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access.

Action-Not Available
Vendor-Dell Inc.
Product-pro_max_16_pluspro_16_plus_pb16250latitude_5440pro_max_14latitude_3420latitude_5540wyse_5070_thin_clientlatitude_3440precision_3280latitude_3450optiplex_all-in-one_7410pro_14_pc14250optiplex_3000_tcoptiplex_5400_all-in-onewyse_5470_all-in-one_thin_clientoptiplex_all-in-one_7420thinospro_rugged_13_ra13250optiplex_micro_plus_7010pro_24_all-in-onewyse_5070_extended_thin_clientpro_tower_qct1250pro_rugged_14_rb14250pro_slim_low_sffoptiplex_7020pro_16_pc16250latitude_5450latitude_5530latitude_5550wyse_5470_mtclatitude_3330precision_3260_compactlatitude_5520ThinOS 10
CWE ID-CWE-283
Unverified Ownership
CVE-2025-43942
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.45%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 14:23
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43887
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.01% / 3.43%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 15:59
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-43888
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.03% / 9.28%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 15:42
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-34387
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 30.32%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:15
Updated-26 Mar, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2025-36609
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-2.5||LOW
EPSS-0.04% / 12.79%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 18:14
Updated-06 Aug, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2022-31226
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.86%
||
7 Day CHG~0.00%
Published-12 Sep, 2022 | 18:35
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

Action-Not Available
Vendor-Dell Inc.
Product-precision_3660_towerinspiron_16_plus_7620_firmwareinspiron_7420xps_17_9720_firmwareinspiron_5620optiplex_7400vostro_3910optiplex_7000vostro_7620_firmwareinspiron_7420_firmwareoptiplex_5000_firmwareprecision_3660_tower_firmwareoptiplex_7000_oemoptiplex_5000inspiron_7620_firmwarechengming_3900optiplex_3000inspiron_5420chengming_3900_firmwarexps_17_9720vostro_3910_firmwareprecision_5770inspiron_16_plus_7620inspiron_14_plus_7420vostro_3710_firmwarevostro_5320vostro_5620_firmwarevostro_7620optiplex_3000_thin_clientinspiron_5620_firmwareoptiplex_5400inspiron_5320_firmwarevostro_5620precision_5770_firmwareinspiron_14_plus_7420_firmwareoptiplex_5400_firmwareoptiplex_3000_thin_client_firmwareoptiplex_3000_firmwareoptiplex_7000_firmwareinspiron_5320inspiron_3910vostro_3710vostro_5320_firmwareoptiplex_7400_firmwareinspiron_3910_firmwareinspiron_5420_firmwareprecision_3460_small_form_factor_firmwareoptiplex_7000_oem_firmwareprecision_3460_small_form_factorinspiron_7620CPG BIOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-15782
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.7||HIGH
EPSS-0.03% / 8.54%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 20:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-authentication_managerRSA Authentication Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-26865
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.34%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoveryDell OS Recovery Tool
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-24415
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 12.82%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 02:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1184
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 48.30%
||
7 Day CHG~0.00%
Published-03 Feb, 2018 | 01:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_recoverpointemc_recoverpoint_for_virtual_machinesEMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-0949
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.04%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 20:45
Updated-06 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Action-Not Available
Vendor-HPDell Inc.HP Inc.
Product-latitude_e6430elitebook_850_g1latitude_e6430_firmwareelitebook_850_g1_firmwareLatitude E6430EliteBook 850 G1
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-11077
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.37% / 59.04%
||
7 Day CHG~0.00%
Published-26 Nov, 2018 | 20:00
Updated-17 Sep, 2024 | 03:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamarvsphere_data_protectionIntegrated Data Protection ApplianceAvamar
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-38743
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.11%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 18:46
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac_service_moduleiDRAC Service Module (iSM)
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2018-11072
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.98%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 13:00
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2018-1203
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-1.08% / 78.26%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-53295
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.06%
||
7 Day CHG~0.00%
Published-01 Feb, 2025 | 04:12
Updated-07 Feb, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DD
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CVE-2024-53289
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.90%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:40
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-thinosWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2015-2890
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-6||MEDIUM
EPSS-0.32% / 55.10%
||
7 Day CHG~0.00%
Published-01 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

Action-Not Available
Vendor-n/aDell Inc.
Product-precision_t1600latitude_e4310latitude_xt3precision_mobile_m6600latitude_e6220latitude_e5510latitude_e5520precision_t5600latitude_e6420_atglatitude_e6520latitude_e6410_atgprecision_mobile_m4500optiplex_790precision_t5600_xllatitude_e6320latitude_e6510precision_t3600latitude_e5410precision_mobile_m4600latitude_e6420_xfrbiosoptiplex_990latitude_e5420optiplex_390n/a
CVE-2024-49561
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.06%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 17:35
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-49565
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.19%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:28
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-48837
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.54%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:31
Updated-18 Nov, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-49564
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.19%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 01:31
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49558
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:22
Updated-15 Nov, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-49600
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.62%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 14:56
Updated-04 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2024-49560
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.96%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:17
Updated-15 Nov, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 40
  • 41
  • Next
Details not found