Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-36346

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-25 Jan, 2022 | 22:15
Updated At-16 Sep, 2024 | 22:25
Rejected At-
Credits

Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:25 Jan, 2022 | 22:15
Updated At:16 Sep, 2024 | 22:25
Rejected At:
▼CVE Numbering Authority (CNA)

Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.

Affected Products
Vendor
Dell Inc.Dell
Product
Integrated Dell Remote Access Controller (iDRAC)
Versions
Affected
  • From unspecified before 2.82.82.82 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287: Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287: Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000194038/dsa-2021-259
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000194038/dsa-2021-259
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000194038/dsa-2021-259
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000194038/dsa-2021-259
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:25 Jan, 2022 | 23:15
Updated At:31 Jan, 2022 | 21:38

Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Secondary3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Dell Inc.
dell
>>integrated_dell_remote_access_controller_8_firmware>>Versions before 2.82.82.82(exclusive)
cpe:2.3:o:dell:integrated_dell_remote_access_controller_8_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>integrated_dell_remote_access_controller_8>>-
cpe:2.3:h:dell:integrated_dell_remote_access_controller_8:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-287Secondarysecurity_alert@emc.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-287
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000194038/dsa-2021-259security_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000194038/dsa-2021-259
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

117Records found
CVE-2024-25966
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.50%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 07:07
Updated-09 Jan, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-241
Improper Handling of Unexpected Data Type
CVE-2024-25964
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.44% / 62.21%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 08:13
Updated-09 Jan, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-385
Covert Timing Channel
CVE-2024-25954
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.64% / 69.60%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 18:38
Updated-09 Jan, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2015-7770
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-5||MEDIUM
EPSS-2.45% / 84.60%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet.

Action-Not Available
Vendor-n/aDell Inc.
Product-sonicwall_totalsecure_tz_100_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36321
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.39% / 58.99%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-x1008px1018_firmwarex4012x1052p_firmwarex1008p_firmwarex1026x4012_firmwarex1026p_firmwarex1018p_firmwarex1018x1026px1008_firmwarex1052_firmwarex1052x1026_firmwarex1008x1018px1052pNetworking X-Series
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1205
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.51% / 80.44%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 21:00
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash.

Action-Not Available
Vendor-Dell Inc.
Product-emc_scaleioScaleIO
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1218
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-22.38% / 95.60%
||
7 Day CHG~0.00%
Published-19 Mar, 2018 | 18:00
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerDell EMC NetWorker
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-11054
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-2.35% / 84.27%
||
7 Day CHG~0.00%
Published-31 Aug, 2018 | 18:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

Action-Not Available
Vendor-Dell Inc.RSA Security LLCOracle Corporation
Product-timesten_in-memory_databasecommunications_ip_service_activatorcore_rdbmscommunications_analyticsbsafegoldengate_application_adaptersreal_user_experience_insightapplication_testing_suitejd_edwards_enterpriseone_toolsretail_predictive_application_serverenterprise_manager_ops_centersecurity_serviceBSAFE Micro Edition Suite
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-30476
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.55%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 18:45
Updated-16 May, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-PowerScale InsightIQ
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-15769
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.57% / 80.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2018 | 21:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.

Action-Not Available
Vendor-n/aOracle CorporationDell Inc.
Product-timesten_in-memory_databasecommunications_ip_service_activatorcore_rdbmscommunications_analyticsbsafegoldengate_application_adaptersreal_user_experience_insightapplication_testing_suitejd_edwards_enterpriseone_toolsretail_predictive_application_serverenterprise_manager_ops_centersecurity_servicen/a
CVE-2025-27694
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.13%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:12
Updated-11 Jul, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-410
Insufficient Resource Pool
CVE-2025-26480
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.13%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 02:22
Updated-11 Jul, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2014-0628
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-0.26% / 48.64%
||
7 Day CHG~0.00%
Published-25 Mar, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_micro-edition-suiten/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0625
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-0.47% / 63.75%
||
7 Day CHG~0.00%
Published-18 Feb, 2014 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.

Action-Not Available
Vendor-n/aELAN Microelectronics CorporationDell Inc.
Product-rsa_bsafe_ssl-jbsafe_ssl-jn/a
CVE-2021-21565
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 65.93%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 23:45
Updated-16 Sep, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-834
Excessive Iteration
CVE-2022-33932
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 39.02%
||
7 Day CHG+0.06%
Published-22 Aug, 2022 | 16:51
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-419
Unprotected Primary Channel
CVE-2022-34439
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 55.79%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2017-4981
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.54%
||
7 Day CHG~0.00%
Published-14 Jun, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_cert-cRSA BSAFE Cert-C RSA BSAFE Cert-C version 2.9.0.5
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-5372
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.66% / 70.21%
||
7 Day CHG~0.00%
Published-06 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstore_5000emc_powerstore_3000emc_powerstore_1000_firmwareemc_powerstore_9000emc_powerstore_7000_firmwareemc_powerstore_5000_firmwareemc_powerstore_7000emc_powerstore_1000emc_powerstore_9000_firmwareemc_powerstore_3000_firmwarePowerStore
CWE ID-CWE-1244
Internal Asset Exposed to Unsafe Debug Access Level or State
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-5360
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 15:50
Updated-16 Sep, 2024 | 22:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-indatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Micro Edition Suite
CWE ID-CWE-127
Buffer Under-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-5347
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.54% / 66.48%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 23:20
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-29091
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 56.77%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentunityvsa_operating_environmentunity_xt_operating_environmentUnity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5383
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 51.95%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 18:25
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilonemc_powerscale_onefsIsilon OneFS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-5365
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-20 May, 2020 | 20:45
Updated-16 Sep, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-341
Predictable from Observable State
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2006-3894
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-11.85% / 93.47%
||
7 Day CHG~0.00%
Published-22 May, 2007 | 19:00
Updated-07 Aug, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_cert-cbsafe_crypto-cn/a
CVE-2022-24412
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.48%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 17:50
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-229
Improper Handling of Values
CVE-2022-23161
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.46% / 62.98%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 17:50
Updated-16 Sep, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2023-23689
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.66%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 16:40
Updated-07 Mar, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair built-in hardware management functionality and trigger OneFS data protection mechanism causing a denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-h600_firmwareh5600_firmwaref810h600a2000f810_firmwareh500h400a200_firmwareh5600a200h500_firmwaref800a2000_firmwareh400_firmwaref800_firmwarePowerScale OneFS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-26195
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-1.77% / 81.91%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-24423
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.85% / 73.96%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 20:50
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition.

Action-Not Available
Vendor-Dell Inc.
Product-integrated_dell_remote_access_controller_8_firmwareintegrated_dell_remote_access_controller_8Integrated Dell Remote Access Controller 8
CWE ID-CWE-20
Improper Input Validation
CVE-2004-0331
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-67.53% / 98.51%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.

Action-Not Available
Vendor-n/aDell Inc.
Product-openmanagen/a
CVE-2004-0079
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.27% / 83.98%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Action-Not Available
Vendor-neoteristarantella4dstonesoftscosecurecomputingbluecoatliten/aAvaya LLCNovellSun Microsystems (Oracle Corporation)Symantec CorporationCisco Systems, Inc.Apple Inc.HP Inc.Check Point Software Technologies Ltd.Silicon Graphics, Inc.OpenBSDRed Hat, Inc.Dell Inc.FreeBSD FoundationOpenSSLVMware (Broadcom Inc.)
Product-wbemfirewall_services_moduleapplication_and_content_networking_softwareaaa_servers8700okena_stormwatchmac_os_xthreat_responseapache-based_web_serverpix_firewallpropacks8500provider-1call_managerciscoworks_common_management_foundationclientless_vpn_gateway_4400secure_content_acceleratorvsus8300stonebeat_fullclustergsx_serverfirewall-1access_registrarstonebeat_securityclustergss_4480_global_site_selectortarantella_enterprisestonegate_vpn_clientproxysgvpn-1mac_os_x_serverenterprise_linux_desktopmds_9000enterprise_linuxwebstaropenserverbsafe_ssl-jioswebnssg203css11000_content_services_switchopenssllinuxintuity_audixserverclustersg5openbsdsg208sg200cacheos_ca_sastonegateciscoworks_common_servicesgss_4490_global_site_selectorimanagerinstant_virtual_extranetedirectorysidewinderhp-uxconverged_communications_serverstonebeat_webclustercrypto_accelerator_4000speed_technologies_litespeed_web_serverfreebsdpix_firewall_softwarecontent_services_switch_11500css_secure_content_acceleratorn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2004-0081
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.80% / 85.53%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

Action-Not Available
Vendor-neoteristarantella4dstonesoftscosecurecomputingbluecoatliten/aAvaya LLCNovellSun Microsystems (Oracle Corporation)Symantec CorporationCisco Systems, Inc.Apple Inc.HP Inc.Check Point Software Technologies Ltd.Silicon Graphics, Inc.OpenBSDRed Hat, Inc.Dell Inc.FreeBSD FoundationOpenSSLVMware (Broadcom Inc.)
Product-wbemfirewall_services_moduleapplication_and_content_networking_softwareaaa_servers8700okena_stormwatchmac_os_xthreat_responseapache-based_web_serverpix_firewallpropacks8500provider-1call_managerciscoworks_common_management_foundationclientless_vpn_gateway_4400secure_content_acceleratorvsus8300stonebeat_fullclustergsx_serverfirewall-1access_registrarstonebeat_securityclustergss_4480_global_site_selectortarantella_enterprisestonegate_vpn_clientproxysgvpn-1mac_os_x_serverenterprise_linux_desktopmds_9000enterprise_linuxwebstaropenserverbsafe_ssl-jioswebnssg203css11000_content_services_switchopenssllinuxintuity_audixserverclustersg5openbsdsg208sg200cacheos_ca_sastonegateciscoworks_common_servicesgss_4490_global_site_selectorimanagerinstant_virtual_extranetedirectorysidewinderhp-uxconverged_communications_serverstonebeat_webclustercrypto_accelerator_4000speed_technologies_litespeed_web_serverfreebsdpix_firewall_softwarecontent_services_switch_11500css_secure_content_acceleratorn/a
CVE-2004-0112
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.72% / 71.58%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Action-Not Available
Vendor-forcepointneoteristarantella4dstonesoftscosecurecomputingbluecoatlitespeedtechn/aAvaya LLCNovellSun Microsystems (Oracle Corporation)Symantec CorporationCisco Systems, Inc.Apple Inc.HP Inc.Check Point Software Technologies Ltd.Silicon Graphics, Inc.OpenBSDRed Hat, Inc.Dell Inc.FreeBSD FoundationOpenSSLVMware (Broadcom Inc.)
Product-wbemfirewall_services_moduleapplication_and_content_networking_softwareaaa_servers8700okena_stormwatchmac_os_xthreat_responseapache-based_web_serverpix_firewallpropacks8500provider-1call_managerciscoworks_common_management_foundationclientless_vpn_gateway_4400secure_content_acceleratorvsus8300stonebeat_fullclustergsx_serverfirewall-1access_registrarstonebeat_securityclustergss_4480_global_site_selectortarantella_enterpriseproxysgvpn-1mac_os_x_serverenterprise_linux_desktopmds_9000enterprise_linuxwebstaropenserverbsafe_ssl-jioswebnssg203css11000_content_services_switchopenssllinuxintuity_audixserverclustersg5openbsdlitespeed_web_serversg208sg200cacheos_ca_sastonegateciscoworks_common_servicesgss_4490_global_site_selectorimanagerinstant_virtual_extranetedirectorysidewinderhp-uxconverged_communications_serverstonebeat_webclustercrypto_accelerator_4000freebsdpix_firewall_softwarecontent_services_switch_11500css_secure_content_acceleratorn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-22562
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.02%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 17:50
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-229
Improper Handling of Values
CVE-2021-43588
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 65.83%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 20:10
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-emc_data_protection_centralData Protection Central
CWE ID-CWE-20
Improper Input Validation
CVE-2019-3728
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.43%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 21:48
Updated-22 May, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA Crypto-C versions from 6.0.0 through 6.4.* are vulnerable to an out-of-bounds read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_crypto-c-micro-editionbsafe_micro-edition-suitebsafe_crypto-cRSA Crypto-CRSA BSAFE Crypto-C Micro EditionRSA BSAFE Micro Edition Suite
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-29508
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 46.23%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:25
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Micro Edition Suite
CWE ID-CWE-331
Insufficient Entropy
CWE ID-CWE-20
Improper Input Validation
CVE-2020-5364
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-20 May, 2020 | 20:45
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5696
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-16.25% / 94.56%
||
7 Day CHG~0.00%
Published-14 Aug, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request.

Action-Not Available
Vendor-n/aDell Inc.
Product-netvault_backupn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-26185
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.30%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 14:25
Updated-17 Sep, 2024 | 00:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-indatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Micro Edition Suite
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2009-0695
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-70.62% / 98.63%
||
7 Day CHG~0.00%
Published-19 Jun, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

Action-Not Available
Vendor-n/aDell Inc.
Product-wyse_device_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-0834
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-9.3||HIGH
EPSS-0.51% / 65.27%
||
7 Day CHG~0.00%
Published-09 Aug, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

Action-Not Available
Vendor-n/aUbuntuDell Inc.
Product-ubuntu_linuxlatitude_2110_netbookn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-36308
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-1.72% / 81.64%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-16 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Networking OS
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2021-36350
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 59.35%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-287
Improper Authentication
CVE-2025-26475
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.17%
||
7 Day CHG~0.00%
Published-19 Mar, 2025 | 15:13
Updated-20 May, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Appliance - SRS
CWE ID-CWE-287
Improper Authentication
CVE-2021-21502
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.37%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-287
Improper Authentication
CVE-2021-21538
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-1.55% / 80.68%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 15:55
Updated-17 Sep, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-287
Improper Authentication
CVE-2021-21564
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.05%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2025-22477
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.12% / 31.33%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 16:03
Updated-13 May, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found