ByteOS Network

Type	CWE ID	Description
CWE	CWE-121	CWE-121: Stack-based Buffer Overflow

Version	Base score	Base severity	Vector
3.0	6.2	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Hyperlink	Resource
https://www.dell.com/support/kbdoc/000194038	x_refsource_MISC

Hyperlink	Resource
https://www.dell.com/support/kbdoc/000194038	x_refsource_MISC x_transferred

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.0	6.2	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
Primary	2.0	9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov
CWE-121	Secondary	security_alert@emc.com

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/000194038	security_alert@emc.com	Vendor Advisory

CVE-2024-25946

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.42% / 62.45%

||

7 Day CHG~0.00%

Published-28 Mar, 2024 | 19:00

Updated-25 Mar, 2025 | 14:43

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

Vendor-Dell Inc.

Product-solutions_enabler_virtual_appliance powermax_eem unisphere_for_powermax_virtual_appliance Virtual Appliance (vApp) Manager virtual_appliance_manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2026-22766

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.32% / 55.02%

||

7 Day CHG~0.00%

Published-24 Feb, 2026 | 19:28

Updated-20 Mar, 2026 | 19:43

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

Vendor-Dell Inc.

Product-Wyse Management Suite

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2018-1215

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-10.25% / 93.31%

||

7 Day CHG~0.00%

Published-08 Mar, 2018 | 15:00

Updated-05 Aug, 2024 | 03:51

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability.

Vendor-n/a Dell Inc.

Product-emc_vasa_virtual_appliance emc_solutions_enabler_virtual_appliance emc_unisphere_for_vmax_virtual_appliance emc_vmax_embedded_management vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement)

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2018-1239

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-2.50% / 85.65%

||

7 Day CHG~0.00%

Published-08 May, 2018 | 13:00

Updated-16 Sep, 2024 | 16:33

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.

Vendor-Dell Inc.

Product-emc_unity_operating_environment emc_unityvsa_operating_environment Unity Operating Environment (OE)

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2018-1212

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.89% / 75.85%

||

7 Day CHG~0.00%

Published-02 Jul, 2018 | 17:00

Updated-17 Sep, 2024 | 01:37

Authenticated remote code execution in iDRAC 6

The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.

Vendor-Dell Inc.

Product-idrac6_monolithic idrac6_modular iDRAC6 (Modular)iDRAC6 (Monolithic)

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-22460

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-2.2||LOW

EPSS-1.20% / 79.30%

||

7 Day CHG~0.00%

Published-08 May, 2024 | 15:52

Updated-04 Feb, 2025 | 17:15

Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.

Vendor-Dell Inc.

Product-dm5500 dm5500_firmware Data Manager Appliance Software (DMAS)powerprotect_data_manager_dm5500_firmware

CWE ID-CWE-502

Deserialization of Untrusted Data

CVE-2024-22426

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.79% / 74.25%

||

7 Day CHG~0.00%

Published-16 Feb, 2024 | 11:20

Updated-23 Jan, 2025 | 16:50

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.

Vendor-Dell Inc.

Product-recoverpoint_for_virtual_machines RecoverPoint for VMs recoverpoint_for_virtual_machines

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-22445

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.31% / 54.14%

||

7 Day CHG~0.00%

Published-13 Feb, 2024 | 07:40

Updated-22 Aug, 2024 | 15:28

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Vendor-Dell Inc.

Product-powerprotect_data_manager PowerProtect Data Manager powerprotect_data_manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2026-24504

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.13% / 31.68%

||

7 Day CHG-0.02%

Published-20 Apr, 2026 | 16:08

Updated-28 Apr, 2026 | 21:03

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Vendor-Dell Inc.

Product-powerprotect_dp_series_appliance data_domain_operating_system PowerProtect Data Domain

CWE ID-CWE-20

Improper Input Validation

CVE-2026-22284

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.6||MEDIUM

EPSS-0.10% / 26.29%

||

7 Day CHG~0.00%

Published-17 Feb, 2026 | 19:46

Updated-26 Feb, 2026 | 22:03

Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Vendor-Dell Inc.

Product-smartfabric_os10 SmartFabric OS10 Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2023-48664

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.16% / 36.04%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 16:08

Updated-02 Aug, 2024 | 21:37

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance solutions_enabler_virtual_appliance powermax_os vApp Manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-48665

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.16% / 36.04%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 16:12

Updated-02 Aug, 2024 | 21:37

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance solutions_enabler_virtual_appliance powermax_os vApp Manager,

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-48662

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.16% / 36.04%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:59

Updated-02 Aug, 2024 | 21:37

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance solutions_enabler_virtual_appliance powermax_os vApp Manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-48663

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.15% / 34.95%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 16:03

Updated-21 May, 2025 | 14:36

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance solutions_enabler_virtual_appliance powermax_os vApp Manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-48667

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.03% / 10.16%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:40

Updated-02 Aug, 2024 | 21:37

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.

Vendor-Dell Inc.

Product-powerprotect_data_domain dd9400 powerprotect_data_protection dp5900 apex_protection_storage powerprotect_data_domain_management_center emc_data_domain_os dd6400 dd3300 dp4400 dd6900 dd9900 PowerProtect DD

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-28064

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-3.5||LOW

EPSS-0.12% / 30.39%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 10:57

Updated-07 Nov, 2024 | 20:52

Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

Vendor-Dell Inc.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-53296

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-2.7||LOW

EPSS-0.21% / 43.95%

||

7 Day CHG~0.00%

Published-01 Feb, 2025 | 03:56

Updated-12 Feb, 2025 | 20:51

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

Vendor-Dell Inc.

Product-data_domain_operating_system PowerProtect DD

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21573

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.05% / 14.42%

||

7 Day CHG~0.00%

Published-24 Jun, 2021 | 17:00

Updated-17 Sep, 2024 | 01:11

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-48014

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.12% / 30.84%

||

7 Day CHG~0.00%

Published-25 Sep, 2025 | 15:08

Updated-16 Jan, 2026 | 17:08

Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Vendor-Dell Inc.

Product-bsafe_micro-edition-suite BSAFE Micro Edition Suite

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21574

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.09% / 25.27%

||

7 Day CHG~0.00%

Published-24 Jun, 2021 | 17:00

Updated-16 Sep, 2024 | 21:08

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21572

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.2||HIGH

EPSS-0.05% / 14.42%

||

7 Day CHG~0.00%

Published-24 Jun, 2021 | 17:00

Updated-16 Sep, 2024 | 19:30

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Vendor-Dell Inc.

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-34424

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.39% / 60.33%

||

7 Day CHG~0.00%

Published-28 Sep, 2022 | 20:30

Updated-20 May, 2025 | 20:28

Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans.

Vendor-Dell Inc.

Product-smartfabric_os10 Dell Networking OS10

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-34454

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.13% / 31.50%

||

7 Day CHG~0.00%

Published-10 Feb, 2023 | 09:48

Updated-24 Mar, 2025 | 18:35

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-32493

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.04% / 13.35%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:35

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-31226

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.1||HIGH

EPSS-0.06% / 18.81%

||

7 Day CHG~0.00%

Published-12 Sep, 2022 | 18:35

Updated-16 Sep, 2024 | 23:05

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

Vendor-Dell Inc.

Product-precision_3660_tower inspiron_16_plus_7620_firmware inspiron_7420 xps_17_9720_firmware inspiron_5620 optiplex_7400 vostro_3910 optiplex_7000 vostro_7620_firmware inspiron_7420_firmware optiplex_5000_firmware precision_3660_tower_firmware optiplex_7000_oem optiplex_5000 inspiron_7620_firmware chengming_3900 optiplex_3000 inspiron_5420 chengming_3900_firmware xps_17_9720 vostro_3910_firmware precision_5770 inspiron_16_plus_7620 inspiron_14_plus_7420 vostro_3710_firmware vostro_5320 vostro_5620_firmware vostro_7620 optiplex_3000_thin_client inspiron_5620_firmware optiplex_5400 inspiron_5320_firmware vostro_5620 precision_5770_firmware inspiron_14_plus_7420_firmware optiplex_5400_firmware optiplex_3000_thin_client_firmware optiplex_3000_firmware optiplex_7000_firmware inspiron_5320 inspiron_3910 vostro_3710 vostro_5320_firmware optiplex_7400_firmware inspiron_3910_firmware inspiron_5420_firmware precision_3460_small_form_factor_firmware optiplex_7000_oem_firmware precision_3460_small_form_factor inspiron_7620 CPG BIOS

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2026-26951

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 2.60%

||

7 Day CHG-0.00%

Published-20 Apr, 2026 | 16:44

Updated-28 Apr, 2026 | 21:04

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Vendor-Dell Inc.

Product-powerprotect_dp_series_appliance data_domain_operating_system PowerProtect Data Domain

CWE ID-CWE-121

Stack-based Buffer Overflow

CVE-2021-21554

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.05% / 15.60%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-16 Sep, 2024 | 16:42

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Vendor-Dell Inc.

Product-poweredge_r740_firmware poweredge_r940xa poweredge_mx740c_firmware precision_7920_firmware poweredge_r640_firmware precision_7920 poweredge_r940xa_firmware poweredge_r640 poweredge_r840 poweredge_mx840c poweredge_mx740c poweredge_r940_firmware poweredge_r840_firmware poweredge_r740xd_firmware poweredge_r940 poweredge_r740 poweredge_mx840c_firmware poweredge_r740xd PowerEdge BIOS Intel 15G

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21540

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-5.9||MEDIUM

EPSS-0.52% / 67.00%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 20:55

Updated-16 Sep, 2024 | 20:01

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.

Vendor-Dell Inc.

Product-idrac9_firmware Integrated Dell Remote Access Controller (iDRAC)

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21556

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.05% / 15.60%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-17 Sep, 2024 | 01:40

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Vendor-Dell Inc.

Product-poweredge_r740_firmware poweredge_r940xa poweredge_mx740c_firmware poweredge_r640_firmware poweredge_r940xa_firmware poweredge_r640 poweredge_t640_firmware poweredge_r840 poweredge_mx840c poweredge_t640 poweredge_mx740c poweredge_r940_firmware poweredge_r840_firmware poweredge_r740xd_firmware poweredge_r940 poweredge_r740 poweredge_mx840c_firmware poweredge_r740xd PowerEdge BIOS Intel 15G

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21555

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.06% / 18.72%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-16 Sep, 2024 | 22:29

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Vendor-Dell Inc.

Product-poweredge_r740_firmware poweredge_r940xa poweredge_mx740c_firmware poweredge_r640_firmware poweredge_r940xa_firmware poweredge_r640 poweredge_t640_firmware poweredge_r840 poweredge_mx840c poweredge_t640 poweredge_mx740c poweredge_r940_firmware poweredge_r840_firmware poweredge_r740xd_firmware poweredge_r940 poweredge_r740 poweredge_mx840c_firmware poweredge_r740xd PowerEdge BIOS Intel 15G

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-34400

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.1||HIGH

EPSS-0.05% / 16.06%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 04:24

Updated-27 Mar, 2025 | 14:10

Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.

Vendor-Dell Inc.

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-34401

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.06% / 19.25%

||

7 Day CHG~0.00%

Published-18 Jan, 2023 | 05:51

Updated-03 Apr, 2025 | 19:42

Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

Product-g15_5525_firmware alienware_m17_r5_firmware alienware_m15_a6_firmware g15_5525 alienware_m15_a6 alienware_m17_r5 CPG BIOS

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-34403

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 16.63%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 05:19

Updated-26 Mar, 2025 | 18:54

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-26860

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 16.63%

||

7 Day CHG~0.00%

Published-06 Sep, 2022 | 20:15

Updated-27 May, 2026 | 13:02

Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-5344

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-7||HIGH

EPSS-4.12% / 88.84%

||

7 Day CHG~0.00%

Published-31 Mar, 2020 | 21:30

Updated-17 Sep, 2024 | 02:02

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.

Vendor-Dell Inc.

Product-idrac9_firmware idrac8_firmware idrac7 idrac7_firmware idrac9 idrac8 Integrated Dell Remote Access Controller (iDRAC)

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-30102

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-5.5||MEDIUM

EPSS-0.07% / 20.46%

||

7 Day CHG~0.00%

Published-08 May, 2025 | 17:40

Updated-16 May, 2025 | 15:38

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-46643

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-2.3||LOW

EPSS-0.01% / 0.40%

||

7 Day CHG-0.00%

Published-09 Jan, 2026 | 16:07

Updated-05 Feb, 2026 | 13:26

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain a Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

Vendor-Dell Inc.

Product-data_domain_operating_system PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024 PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025 PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-45375

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-4.4||MEDIUM

EPSS-0.02% / 6.02%

||

7 Day CHG~0.00%

Published-07 Oct, 2025 | 19:00

Updated-14 Oct, 2025 | 20:08

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Stack-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

Vendor-Dell Inc.

Product-data_domain_operating_system PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023 PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024 PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025

CWE ID-CWE-121

Stack-based Buffer Overflow

CVE-2025-43910

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-2.3||LOW

EPSS-0.02% / 6.02%

||

7 Day CHG~0.00%

Published-07 Oct, 2025 | 19:16

Updated-14 Oct, 2025 | 20:16

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Stack-based Buffer Overflow vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

Vendor-Dell Inc.

Product-data_domain_operating_system PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023 PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024 PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025

CWE ID-CWE-121

Stack-based Buffer Overflow

CVE-2023-25537

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.06% / 18.05%

||

7 Day CHG+0.01%

Published-22 May, 2023 | 10:48

Updated-21 Jan, 2025 | 15:07

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

Vendor-Dell Inc.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-3729

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-2.4||LOW

EPSS-0.12% / 29.95%

||

7 Day CHG~0.00%

Published-30 Sep, 2019 | 21:48

Updated-16 Sep, 2024 | 23:26

RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system.

Vendor-Dell Inc.

Product-bsafe_micro-edition-suite RSA BSAFE MES

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2019-3705

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-8.1||HIGH

EPSS-2.10% / 84.41%

||

7 Day CHG~0.00%

Published-26 Apr, 2019 | 18:22

Updated-16 Sep, 2024 | 23:25

Buffer Overflow Vulnerability

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.

Vendor-Dell Inc.

Product-idrac9_firmware idrac7_firmware idrac6_firmware idrac8_firmware iDRAC

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-26479

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-3.1||LOW

EPSS-0.57% / 68.93%

||

7 Day CHG~0.00%

Published-10 Apr, 2025 | 02:32

Updated-15 Jul, 2025 | 16:15

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-25050

Matching Score-6

Assigner-Talos

View Details

Matching Score-6

Assigner-Talos

CVSS Score-8.8||HIGH

EPSS-0.09% / 25.37%

||

7 Day CHG~0.00%

Published-13 Jun, 2025 | 21:03

Updated-26 Feb, 2026 | 17:50

Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability

An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to trigger this vulnerability.

Vendor-Broadcom Inc.Dell Inc.

Product-ControlVault3 ControlVault3 Plus BCM5820X

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-24922

Matching Score-6

Assigner-Talos

View Details

Matching Score-6

Assigner-Talos

CVSS Score-8.8||HIGH

EPSS-0.09% / 26.13%

||

7 Day CHG~0.00%

Published-13 Jun, 2025 | 20:51

Updated-26 Feb, 2026 | 17:50

Dell ControlVault3/ControlVault3 Plus securebio_identify stack-based buffer overflow vulnerability

A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to a arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.

Vendor-Broadcom Inc.Dell Inc.

Product-ControlVault3 ControlVault3 Plus BCM5820X

CWE ID-CWE-121

Stack-based Buffer Overflow

CVE-2024-38490

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-5.8||MEDIUM

EPSS-0.04% / 13.23%

||

7 Day CHG~0.00%

Published-01 Aug, 2024 | 07:19

Updated-02 Aug, 2024 | 13:54

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.

Vendor-Dell Inc.

Product-emc_idrac_service_module iDRAC Service Module (iSM)emc_idrac_service_module

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-38489

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-3.1||LOW

EPSS-0.04% / 12.65%

||

7 Day CHG~0.00%

Published-01 Aug, 2024 | 07:15

Updated-02 Aug, 2024 | 13:54

Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event.

Vendor-Dell Inc.

Product-emc_idrac_service_module iDRAC Service Module (iSM)

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-32855

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-3.8||LOW

EPSS-0.06% / 19.04%

||

7 Day CHG~0.00%

Published-25 Jun, 2024 | 04:06

Updated-04 Feb, 2025 | 17:21

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Vendor-Dell Inc.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-28970

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-4.7||MEDIUM

EPSS-0.05% / 14.59%

||

7 Day CHG~0.00%

Published-12 Jun, 2024 | 06:51

Updated-18 Sep, 2024 | 13:04

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.

Vendor-Dell Inc.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-29176

Matching Score-6

Assigner-Dell

View Details

Matching Score-6

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.60% / 69.84%

||

7 Day CHG~0.00%

Published-26 Jun, 2024 | 02:37

Updated-30 Oct, 2024 | 14:15

Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

Vendor-Dell Inc.

Product-dd9400 data_domain_operating_system dm5500 apex_protection_storage dd9410 dd6400 dd9910 dd3300 dd6900 dd9900 PowerProtect DD powerprotect_dd

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-36347

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs