ByteOS Network

Type	CWE ID	Description
CWE	CWE-321	CWE-321: Use of Hard-coded Cryptographic Key

Version	Base score	Base severity	Vector
3.1	8.2	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000194083/dsa-2021-260	x_refsource_MISC

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000194083/dsa-2021-260	x_refsource_MISC x_transferred

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.2	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE ID	Type	Source
CWE-321	Primary	security_alert@emc.com

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/en-us/000194083/dsa-2021-260	security_alert@emc.com	Patch Vendor Advisory

CVE-2016-0911

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.35% / 56.70%

||

7 Day CHG-0.32%

Published-19 Jun, 2016 | 20:00

Updated-12 Apr, 2025 | 10:46

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.

Vendor-n/a Dell Inc.

Product-emc_data_domain_os n/a

CVE-2023-28033

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.01%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:37

Updated-08 Nov, 2024 | 15:14

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-25961

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.06% / 17.29%

||

7 Day CHG~0.00%

Published-28 Mar, 2024 | 18:00

Updated-09 Jan, 2025 | 16:48

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-25967

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.08% / 23.30%

||

7 Day CHG~0.00%

Published-14 May, 2024 | 06:44

Updated-09 Jan, 2025 | 15:51

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-250

Execution with Unnecessary Privileges

CVE-2023-28061

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.01%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:19

Updated-08 Nov, 2024 | 16:51

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-46756

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.05% / 14.53%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 05:37

Updated-27 Mar, 2025 | 13:25

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Vendor-Dell Inc.

Product-vxrail_manager VxRail HCI

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2023-28054

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.01%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:06

Updated-08 Nov, 2024 | 15:13

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36343

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.85%

||

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-16 Sep, 2024 | 16:44

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36279

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.03%

||

7 Day CHG~0.00%

Published-16 Aug, 2021 | 22:00

Updated-16 Sep, 2024 | 23:05

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2021-36324

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.85%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-16 Sep, 2024 | 18:13

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36323

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.85%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-17 Sep, 2024 | 02:02

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36283

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.85%

||

7 Day CHG~0.00%

Published-28 Sep, 2021 | 19:20

Updated-16 Sep, 2024 | 16:58

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36325

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.85%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-16 Sep, 2024 | 20:31

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36317

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 12.18%

||

7 Day CHG~0.00%

Published-21 Dec, 2021 | 17:05

Updated-16 Sep, 2024 | 16:42

Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Vendor-Dell Inc.

Product-emc_powerprotect_data_protection_appliance emc_avamar_server Avamar

CWE ID-CWE-256

Plaintext Storage of a Password

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2021-36290

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.11% / 30.42%

||

7 Day CHG~0.00%

Published-08 Apr, 2022 | 19:50

Updated-16 Sep, 2024 | 16:53

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.

Vendor-Dell Inc.

Product-vnxe1600 vnx5600 vnx5400 vnx5800 vnx_vg10 emc_unity_operating_environment vnx5200 vnx_vg50 vnx7600 vnx8000 VNX2

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-0158

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.04% / 13.11%

||

7 Day CHG~0.00%

Published-02 Jul, 2024 | 06:20

Updated-01 Aug, 2024 | 17:41

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36315

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.8||MEDIUM

EPSS-0.04% / 12.73%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-17 Sep, 2024 | 00:31

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.

Vendor-Dell Inc.

CVE-2020-5378

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.8||MEDIUM

EPSS-0.05% / 13.48%

||

7 Day CHG~0.00%

Published-02 Sep, 2020 | 20:55

Updated-17 Sep, 2024 | 01:51

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Vendor-Dell Inc.

Product-g7_17_7790_bios g7_17_7790 CPG BIOS

CWE ID-CWE-416

Use After Free

CVE-2018-15782

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.7||HIGH

EPSS-0.04% / 8.82%

||

7 Day CHG~0.00%

Published-16 Jan, 2019 | 20:00

Updated-17 Sep, 2024 | 03:38

DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

Vendor-Dell Inc.RSA Security LLC

Product-authentication_manager RSA Authentication Manager

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-45095

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.07% / 23.07%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 04:45

Updated-27 Mar, 2025 | 13:24

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2025-36600

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.02% / 2.37%

||

7 Day CHG~0.00%

Published-08 Jul, 2025 | 14:17

Updated-18 Aug, 2025 | 18:55

Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor-Dell Inc.

Product-latitude_12_rugged_extreme_7214_firmware latitude_12_rugged_extreme_7214 Client Platform BIOS

CWE ID-CWE-1257

Improper Access Control Applied to Mirrored or Aliased Memory Regions

CVE-2018-1203

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-1.08% / 76.95%

||

7 Day CHG~0.00%

Published-26 Mar, 2018 | 18:00

Updated-16 Sep, 2024 | 19:20

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.

Vendor-Dell Inc.

Product-emc_isilon_onefs Isilon OneFS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2018-1185

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-1.52% / 80.49%

||

7 Day CHG~0.00%

Published-03 Feb, 2018 | 01:00

Updated-05 Aug, 2024 | 03:51

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Vendor-n/a Dell Inc.

Product-emc_recoverpoint emc_recoverpoint_for_virtual_machines EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2018-1204

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.95% / 75.40%

||

7 Day CHG~0.00%

Published-26 Mar, 2018 | 18:00

Updated-16 Sep, 2024 | 17:42

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.

Vendor-Dell Inc.

Product-emc_isilon_onefs Isilon OneFS

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-11077

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.30% / 53.09%

||

7 Day CHG+0.07%

Published-26 Nov, 2018 | 20:00

Updated-17 Sep, 2024 | 03:06

Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

Vendor-VMware (Broadcom Inc.)Dell Inc.

Product-emc_integrated_data_protection_appliance emc_avamar vsphere_data_protection Integrated Data Protection Appliance Avamar

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-39251

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 8.26%

||

7 Day CHG~0.00%

Published-22 Dec, 2023 | 17:55

Updated-02 Aug, 2024 | 18:02

Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

CWE ID-CWE-20

Improper Input Validation

CVE-2018-11072

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.08% / 23.45%

||

7 Day CHG~0.00%

Published-02 Oct, 2018 | 13:00

Updated-16 Sep, 2024 | 19:57

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

Vendor-Dell Inc.

Product-digital_delivery Dell Digital Delivery

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2025-30098

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 13.63%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 14:42

Updated-12 Aug, 2025 | 03:55

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Vendor-Dell Inc.

Product-PowerProtect Data Domain LTS 2023 PowerProtect Data Domain Feature Release PowerProtect Data Domain LTS2024

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-30096

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 13.63%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 14:32

Updated-12 Aug, 2025 | 03:55

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Vendor-Dell Inc.

Product-PowerProtect Data Domain LTS 2023 PowerProtect Data Domain Feature Release PowerProtect Data Domain LTS2024

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-30097

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 13.63%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 14:38

Updated-12 Aug, 2025 | 03:55

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges

Vendor-Dell Inc.

Product-PowerProtect Data Domain LTS 2023 PowerProtect Data Domain Feature Release PowerProtect Data Domain LTS2024

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2018-1184

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.25% / 47.87%

||

7 Day CHG~0.00%

Published-03 Feb, 2018 | 01:00

Updated-05 Aug, 2024 | 03:51

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.

Vendor-n/a Dell Inc.

Product-emc_recoverpoint emc_recoverpoint_for_virtual_machines EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21522

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.04% / 12.09%

||

7 Day CHG~0.00%

Published-28 Sep, 2021 | 19:20

Updated-17 Sep, 2024 | 03:23

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

Vendor-Dell Inc.

CWE ID-CWE-255

Not Available

CVE-2021-21547

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.02% / 3.65%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 21:10

Updated-16 Sep, 2024 | 18:34

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Vendor-Dell Inc.

Product-unity_operating_environment unityvsa_operating_environment unity_xt_operating_environment Unity

CWE ID-CWE-312

Cleartext Storage of Sensitive Information

CVE-2021-21518

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.49%

||

7 Day CHG~0.00%

Published-12 Mar, 2021 | 20:10

Updated-16 Sep, 2024 | 19:31

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs supportassist_client_promanage Dell SupportAssist Client

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2021-21590

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.12% / 31.25%

||

7 Day CHG~0.00%

Published-12 Jul, 2021 | 15:40

Updated-16 Sep, 2024 | 20:57

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Vendor-Dell Inc.

Product-emc_unity_operating_environment emc_unityvsa_operating_environment emc_unity_xt_operating_environment Unity

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2021-21595

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.19% / 40.57%

||

7 Day CHG~0.00%

Published-16 Aug, 2021 | 22:00

Updated-17 Sep, 2024 | 00:30

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2021-21557

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.1||HIGH

EPSS-0.04% / 11.68%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-16 Sep, 2024 | 17:02

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-21552

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.2||MEDIUM

EPSS-0.14% / 34.59%

||

7 Day CHG~0.00%

Published-21 May, 2021 | 20:05

Updated-16 Sep, 2024 | 23:46

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

Vendor-Microsoft Corporation Dell Inc.

Product-wyse_5070_thin_client wyse_5470_all-in-one_thin_client wyse_5470_thin_client windows_10 Wyse Windows Embedded (WES)

CWE ID-CWE-863

Incorrect Authorization

CVE-2021-21554

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.05% / 14.66%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-16 Sep, 2024 | 16:42

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21555

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.15% / 36.31%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-16 Sep, 2024 | 22:29

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21535

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.4||HIGH

EPSS-0.03% / 8.06%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 17:40

Updated-16 Sep, 2024 | 23:35

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Vendor-Dell Inc.

Product-hybrid_client Dell Hybrid Client (DHC)

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2021-21527

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.05% / 16.73%

||

7 Day CHG~0.00%

Published-06 May, 2021 | 12:40

Updated-16 Sep, 2024 | 18:28

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21526

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.03% / 5.93%

||

7 Day CHG~0.00%

Published-20 Apr, 2021 | 16:45

Updated-17 Sep, 2024 | 00:06

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21599

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.30% / 52.58%

||

7 Day CHG~0.00%

Published-16 Aug, 2021 | 22:00

Updated-17 Sep, 2024 | 03:19

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21591

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.12% / 31.25%

||

7 Day CHG~0.00%

Published-12 Jul, 2021 | 15:40

Updated-17 Sep, 2024 | 03:48

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Vendor-Dell Inc.

Product-emc_unity_operating_environment emc_unityvsa_operating_environment emc_unity_xt_operating_environment Unity

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2021-21558

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.06% / 18.86%

||

7 Day CHG~0.00%

Published-08 Jun, 2021 | 18:05

Updated-16 Sep, 2024 | 21:08

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain.

Vendor-Dell Inc.

Product-emc_networker NetWorker

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-21550

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.05% / 16.73%

||

7 Day CHG~0.00%

Published-06 May, 2021 | 12:40

Updated-16 Sep, 2024 | 20:01

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21553

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.03% / 7.77%

||

7 Day CHG~0.00%

Published-02 Aug, 2021 | 23:45

Updated-17 Sep, 2024 | 03:54

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-286

Incorrect User Management

CVE-2022-34409

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.38%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:26

Updated-26 Feb, 2025 | 18:57

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34412

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.38%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:33

Updated-26 Feb, 2025 | 19:15

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-xe7440 m630p_firmware dss8440_firmware r740xd_firmware xr12_firmware r430_firmware m640 r350 r350_firmware c6320_firmware r6525_firmware mx840c dss8440 t430 nx3240_firmware r6525 r550 r750_firmware t640 c4130_firmware fc430_firmware c6320 r230 nx430_firmware c6420_firmware r6515_firmware nx3230 t330 t630_firmware xr2_firmware fc640_firmware mx740c c6525_firmware r440 r840 t130 xr2 r750xs r750xa_firmware r440_firmware t550_firmware r240_firmware r730_firmware c4130 r830 r240 r930_firmware r530 t430_firmware r540_firmware t630 fc630 m630 t340 r7415_firmware nx3230_firmware c6520_firmware nx3240 t140 r250 xr11_firmware r340_firmware nx430 r6515 xr11 xe2420 t150_firmware xe8545_firmware r540 fc830 r940xa nx3330 c4140_firmware mx750c nx440 r750xa xe7440_firmware xe7420 r940xa_firmware r7425 r7525_firmware r7525 r740_firmware c6420 r930 m830p t440_firmware fc630_firmware m830 t440 r730xd_firmware m630p fc830_firmware r740xd r630_firmware nx3340_firmware r430 m640_firmware t350_firmware r6415_firmware m830_firmware c6525 xe7420_firmware r650_firmware r740 r340 c6520 m830p_firmware r750 mx750c_firmware t150 xe2420_firmware r650xs_firmware m640p_firmware r7425_firmware t140_firmware r640 xr12 r630 fc430 r640_firmware r730xd r7415 nx3340 r650xs c4140 r740xd2 r830_firmware t550 r750xs_firmware nx3330_firmware r330_firmware mx840c_firmware r230_firmware m640p r940_firmware t130_firmware r940 r650 r840_firmware r530_firmware r7515 r250_firmware t340_firmware r730 r330 t640_firmware r450_firmware t350 xe8545 nx440_firmware r6415 r740xd2_firmware r550_firmware r7515_firmware t330_firmware r450 fc640 mx740c_firmware m630_firmware PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-43587

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs