Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-24415

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-11 Mar, 2022 | 21:45
Updated At-17 Sep, 2024 | 02:48
Rejected At-
Credits

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:11 Mar, 2022 | 21:45
Updated At:17 Sep, 2024 | 02:48
Rejected At:
▼CVE Numbering Authority (CNA)

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Affected Products
Vendor
Dell Inc.Dell
Product
CPG BIOS
Versions
Affected
  • From unspecified before 1.16 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-119
Description: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:11 Mar, 2022 | 22:15
Updated At:30 Jun, 2023 | 18:32

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Dell Inc.
dell
>>alienware_13_r3_firmware>>Versions before 1.16.1(exclusive)
cpe:2.3:o:dell:alienware_13_r3_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_13_r3>>-
cpe:2.3:h:dell:alienware_13_r3:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_15_r3_firmware>>Versions before 1.16.1(exclusive)
cpe:2.3:o:dell:alienware_15_r3_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_15_r3>>-
cpe:2.3:h:dell:alienware_15_r3:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_15_r4_firmware>>Versions before 1.17.0(exclusive)
cpe:2.3:o:dell:alienware_15_r4_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_15_r4>>-
cpe:2.3:h:dell:alienware_15_r4:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_17_r4_firmware>>Versions before 1.16.1(exclusive)
cpe:2.3:o:dell:alienware_17_r4_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_17_r4>>-
cpe:2.3:h:dell:alienware_17_r4:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_17_r5_firmware>>Versions before 1.17.0(exclusive)
cpe:2.3:o:dell:alienware_17_r5_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_17_r5>>-
cpe:2.3:h:dell:alienware_17_r5:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_area_51m_r1_firmware>>Versions before 1.18.0(exclusive)
cpe:2.3:o:dell:alienware_area_51m_r1_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_area_51m_r1>>-
cpe:2.3:h:dell:alienware_area_51m_r1:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_area_51m_r2_firmware>>Versions before 1.13.0(exclusive)
cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_area_51m_r2>>-
cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_aurora_r8_firmware>>Versions before 1.0.20(exclusive)
cpe:2.3:o:dell:alienware_aurora_r8_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_aurora_r8>>-
cpe:2.3:h:dell:alienware_aurora_r8:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m15_r2_firmware>>Versions before 1.12.0(exclusive)
cpe:2.3:o:dell:alienware_m15_r2_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m15_r2>>-
cpe:2.3:h:dell:alienware_m15_r2:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m15_r3_firmware>>Versions before 1.14.0(exclusive)
cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m15_r3>>-
cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m15_r4_firmware>>Versions before 1.8.0(exclusive)
cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m15_r4>>-
cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m17_r2_firmware>>Versions before 1.12.0(exclusive)
cpe:2.3:o:dell:alienware_m17_r2_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m17_r2>>-
cpe:2.3:h:dell:alienware_m17_r2:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m17_r3_firmware>>Versions before 1.14.0(exclusive)
cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m17_r3>>-
cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m17_r4_firmware>>Versions before 1.8.0(exclusive)
cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_m17_r4>>-
cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_x15_r1_firmware>>Versions before 1.7.0(exclusive)
cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_x15_r1>>-
cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_x17_r1_firmware>>Versions before 1.7.0(exclusive)
cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>alienware_x17_r1>>-
cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>edge_gateway_3000_firmware>>Versions before 1.7.0(exclusive)
cpe:2.3:o:dell:edge_gateway_3000_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>edge_gateway_3000>>-
cpe:2.3:h:dell:edge_gateway_3000:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>edge_gateway_5000_firmware>>Versions before 1.17.0(exclusive)
cpe:2.3:o:dell:edge_gateway_5000_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>edge_gateway_5000>>-
cpe:2.3:h:dell:edge_gateway_5000:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>edge_gateway_5100_firmware>>Versions before 1.17.0(exclusive)
cpe:2.3:o:dell:edge_gateway_5100_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>edge_gateway_5100>>-
cpe:2.3:h:dell:edge_gateway_5100:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>embedded_box_pc_3000_firmware>>Versions before 1.13.0(exclusive)
cpe:2.3:o:dell:embedded_box_pc_3000_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>embedded_box_pc_3000>>-
cpe:2.3:h:dell:embedded_box_pc_3000:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>embedded_box_pc_5000_firmware>>Versions before 1.14.0(exclusive)
cpe:2.3:o:dell:embedded_box_pc_5000_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>embedded_box_pc_5000>>-
cpe:2.3:h:dell:embedded_box_pc_5000:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_14_3473_firmware>>Versions before 1.14.0(exclusive)
cpe:2.3:o:dell:inspiron_14_3473_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_14_3473>>-
cpe:2.3:h:dell:inspiron_14_3473:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_15_3573_firmware>>Versions before 1.14.0(exclusive)
cpe:2.3:o:dell:inspiron_15_3573_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_15_3573>>-
cpe:2.3:h:dell:inspiron_15_3573:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_15_5566_firmware>>Versions before 1.18.0(exclusive)
cpe:2.3:o:dell:inspiron_15_5566_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_15_5566>>-
cpe:2.3:h:dell:inspiron_15_5566:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3277_firmware>>Versions before 1.19.0(exclusive)
cpe:2.3:o:dell:inspiron_3277_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3277>>-
cpe:2.3:h:dell:inspiron_3277:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE-119Secondarysecurity_alert@emc.com
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-119
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053security_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

977Records found
CVE-2020-5384
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.56%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-multifactor_authentication_agentRSA Authentication Agent for Microsoft Windows
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2020-5376
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 13.54%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 20:55
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_7347_biosinspiron_7347CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2020-5316
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.42%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:00
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-43882
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.12%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 13:51
Updated-28 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access.

Action-Not Available
Vendor-Dell Inc.
Product-ThinOS 10
CWE ID-CWE-283
Unverified Ownership
CVE-2025-43729
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.12%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 14:02
Updated-28 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access.

Action-Not Available
Vendor-Dell Inc.
Product-ThinOS 10
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-29499
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.16% / 37.54%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 21:30
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment . A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstorePowerStore
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-38747
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.15%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 19:48
Updated-18 Aug, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoverySupportAssist OS Recovery
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CVE-2025-38738
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.21%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 14:36
Updated-18 Aug, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_home_pcsSupportAssist for Home PCs
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2023-32487
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.60%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:28
Updated-08 Oct, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-36613
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-2.8||LOW
EPSS-0.01% / 1.58%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 14:46
Updated-18 Aug, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist for Home PCs
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-36612
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.21%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 14:42
Updated-18 Aug, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcsSupportAssist for Business PCs
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-36607
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.50%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:12
Updated-15 Aug, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36600
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.02% / 2.43%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 14:17
Updated-18 Aug, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_12_rugged_extreme_7214_firmwarelatitude_12_rugged_extreme_7214Client Platform BIOS
CWE ID-CWE-1257
Improper Access Control Applied to Mirrored or Aliased Memory Regions
CVE-2020-26193
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.52%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36606
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.50%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:09
Updated-15 Aug, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36564
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.25%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 14:41
Updated-04 Jun, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-Encryption Admin Utilities
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2020-26194
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.05% / 14.78%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-17 Sep, 2024 | 02:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-36609
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-2.5||LOW
EPSS-0.01% / 1.18%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 18:14
Updated-06 Aug, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2020-26181
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsemc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26191
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.78%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26186
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 11.21%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 18:55
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5675_firmwareinspiron_5675CPG BIOS
CWE ID-CWE-642
External Control of Critical State Data
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-26192
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.78%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-32753
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.00%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 13:46
Updated-11 Jul, 2025 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-30099
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.62%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:47
Updated-12 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain LTS 2023PowerProtect Data Domain Feature ReleasePowerProtect Data Domain LTS2024
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-39256
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2023 | 04:18
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system.

Action-Not Available
Vendor-Dell Inc.
Product-rugged_control_centerRugged Control Center (RCC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-28072
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.11%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 15:38
Updated-30 Sep, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-27688
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.34%
||
7 Day CHG~0.00%
Published-18 Mar, 2025 | 15:55
Updated-01 Jul, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_3420optiplex_3000_thin_clientlatitude_5440wyse_5470_all-in-one_thin_clientoptiplex_7420_all-in-onelatitude_5450latitude_3440optiplex_5400_all-in-oneoptiplex_7410_all-in-onewyse_5070_thin_clientthinoswyse_5470_mobile_thin_clientWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-39257
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2023 | 04:22
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.

Action-Not Available
Vendor-Dell Inc.
Product-rugged_control_centerRugged Control Center (RCC)
CWE ID-CWE-284
Improper Access Control
CVE-2025-27689
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.84%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 20:36
Updated-16 Jun, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-iDRAC Tools
CWE ID-CWE-284
Improper Access Control
CVE-2019-3717
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.07%
||
7 Day CHG~0.00%
Published-05 Aug, 2019 | 16:38
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_3567precision_t5810_firmwareg7_7590inspiron_3470latitude_e7270vostro_3468xps_9560inspiron_5458precision_7920_firmwarevenue_7140_firmwareinspiron_7570vostro_3669precision_7820_firmwareinspiron_3476_firmwarevostro_5568_firmwareinspiron_7373latitude_e5550optiplex_7040_firmwarelatitude_5179latitude_7380_firmwarelatitude_7370latitude_7370_firmwarexps_9575_firmwareinspiron_5570wyse_7040latitude_e5270precision_3420wyse_5070inspiron_5368_firmwarelatitude_5490inspiron_5579latitude_5590latitude_7390_2-in-1precision_5530_2-in-1inspiron_7567vostro_3070_firmwareprecision_5720_aio_firmwareinspiron_7580_firmwareinspiron_7568_firmwareinspiron_7778_firmwareinspiron_7579precision_7920inspiron_3583precision_7720vostro_5581_firmwareinspiron_7786latitude_3380_firmwareoptiplex_7760_aiolatitude_3150inspiron_7378_firmwareprecision_5530_firmwareoptiplex_5040latitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_5250_aio_firmwareprecision_t5810optiplex_5050vostro_3667latitude_3460_firmwarelatitude_3470latitude_e7470_firmwareinspiron_7359_firmwareoptiplex_3050_aiog5_5590vostro_5468precision_7720_firmwareinspiron_3476optiplex_3060_firmwareinspiron_3558inspiron_7566_firmwareinspiron_3780latitude_3590_firmwareinspiron_5557latitude_7490_firmwareinspiron_7380_firmwarelatitude_7390_firmwarexps_9350latitude_7250_firmwareprecision_7710precision_5520precision_5720_aiolatitude_5591precision_3520inspiron_7573_firmwareinspiron_5468precision_3620precision_5820inspiron_7572g7_7790inspiron_5758_firmwareinspiron_7572_firmwareinspiron_5767_firmwarelatitude_e5570latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_3050latitude_5175_firmwarelatitude_5250xps_9380latitude_7414latitude_7414_firmwarelatitude_e5270_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_7460_aio_firmwareprecision_3630_firmwarevostro_3458_firmwareinspiron_3480_firmwareg5_5590_firmwareprecision_3430inspiron_7466_firmwarexps_7760_firmwareinspiron_5568optiplex_5060_firmwarelatitude_3150_firmwarexps_9250_firmwarelatitude_7285_firmwareinspiron_670latitude_3560inspiron_5567_firmwarelatitude_e7250_firmwarevostro_3581_firmwarelatitude_3470_firmwareinspiron_7778precision_7530_firmwarelatitude_7275vostro_3581latitude_3570vostro_3583_firmwarelatitude_5414latitude_3190_firmwareinspiron_3568optiplex_5260_aioinspiron_3459_firmwarelatitude_7202inspiron_7779_firmwareg3_3779_firmwarevostro_3268_firmwarevostro_3660wyse_7040_firmwareoptiplex_7450_aiolatitude_7390_2-in-1_firmwarechengming_3967inspiron_5457latitude_7480_firmwarexps_9550_firmwarelatitude_3350_firmwarevostro_3568latitude_e5470_firmwarelatitude_7202_firmwarechengming_3977latitude_5285_firmwarelatitude_5288_firmwareinspiron_3568_firmwareinspiron_5559inspiron_5480latitude_3190vostro_5370inspiron_7460inspiron_5580_firmwareoptiplex_7760_aio_firmwarexps_9250latitude_5488latitude_5290_2-in-1_firmwarexps_9360vostro_3669_firmwarevostro_3478inspiron_7569_firmwarelatitude_7380precision_7710_firmwarelatitude_3590inspiron_3580_firmwareinspiron_3781_firmwarelatitude_5550_firmwarevostro_5370_firmwareinspiron_7472_firmwarewyse_5070_firmwarevostro_3670_firmwareinspiron_670_firmwarelatitude_7275_firmwareprecision_7520latitude_5290_2-in-1vostro_3660_firmwarevostro_3583latitude_5491_firmwareinspiron_5482latitude_7290inspiron_3153_firmwareoptiplex_3240_aioinspiron_7560precision_3630latitude_7480latitude_7214_firmwareinspiron_3559_firmwareoptiplex_3060optiplex_5060xps_7760latitude_5420_firmwareinspiron_3468inspiron_7580latitude_5550inspiron_3668inspiron_5770latitude_3450inspiron_3584latitude_3580inspiron_5482_firmwarevostro_5481latitude_7250inspiron_3668_firmwareinspiron_5559_firmwareinspiron_7467precision_3530_firmwareprecision_3930_firmwarelatitude_5285latitude_7212latitude_5580_firmwareinspiron_5480_firmwarelatitude_3189chengming_3967_firmwareoptiplex_xe3_firmwareinspiron_3158vostro_3580inspiron_7566vostro_7570_firmwarevostro_7580latitude_7350_firmwarevostro_3268inspiron_5368vostro_3584optiplex_xe3inspiron_7472latitude_5175precision_3620_firmwareprecision_5510embedded_box_pc_5000inspiron_5379_firmwareinspiron_7370xps_8900latitude_5491inspiron_3580vostro_3267_firmwarevostro_5468_firmwarevostro_3470_firmwareg3_3579inspiron_5557_firmwareinspiron_7386_firmwareinspiron_7773_firmwareoptiplex_7040inspiron_7386xps_9370_firmwareinspiron_5379latitude_7280inspiron_5579_firmwarexps_9343_firmwarexps_9570vostro_3459inspiron_7466inspiron_7373_firmwarelatitude_5480optiplex_7050_firmwarevostro_5471_firmwarelatitude_3379_firmwareinspiron_7773inspiron_7779optiplex_3046vostro_3468_firmwareinspiron_7380xps_9370latitude_7350latitude_3160_firmwareoptiplex_5260_aio_firmwarelatitude_7285inspiron_7570_firmwareinspiron_3559inspiron_7353_firmwareinspiron_5378_firmwareprecision_3420_firmwareinspiron_5459_firmwarevostro_3459_firmwareprecision_7510_firmwareinspiron_5481precision_t7810_firmwareprecision_5530_2-in-1_firmwarexps_9550inspiron_5567inspiron_7786_firmwareinspiron_7569inspiron_3458optiplex_7450_aio_firmwarelatitude_e5450inspiron_3576xps_9350_firmwarevostro_3668_firmwareinspiron_5578latitude_3160latitude_7214inspiron_3781inspiron_3576_firmwareprecision_3430_firmwareinspiron_5468_firmwarelatitude_3550_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareoptiplex_3050_aio_firmwarevostro_3568_firmwareg3_3579_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_9570_firmwarelatitude_7389optiplex_7440_aio_firmwarelatitude_3560_firmwareinspiron_5570_firmwarelatitude_5290latitude_5289_firmwarechengming_3980_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588xps_9380_firmwareinspiron_3470_firmwarelatitude_5590_firmwarelatitude_3350vostro_5481_firmwareinspiron_5370latitude_5250_firmwareinspiron_7467_firmwareoptiplex_7460_aioinspiron_7577_firmwarevostro_3267inspiron_3481_firmwareprecision_5530inspiron_7577optiplex_5250_aiolatitude_7212_firmwareinspiron_5582optiplex_7440_aioinspiron_3584_firmwarelatitude_3450_firmwareinspiron_3459precision_t7910_firmwareprecision_3930inspiron_3480inspiron_3583_firmwareinspiron_5770_firmwareinspiron_7586_firmwarelatitude_3490inspiron_3153latitude_e5450_firmwareinspiron_5568_firmwarelatitude_5420latitude_3180_firmwareinspiron_3558_firmwarevostro_3580_firmwareinspiron_3581_firmwarexps_8900_firmwarevostro_5471latitude_3490_firmwareinspiron_5759_firmwarevostro_5581vostro_3668inspiron_5566inspiron_7378inspiron_5558xps_9343latitude_7280_firmwareg7_7790_firmwareinspiron_5758vostro_3670latitude_5280latitude_5179_firmwareinspiron_3467latitude_e5570_firmwarexps_9560_firmwareinspiron_7460_firmwareoptiplex_3240_aio_firmwarexps_9360_firmwareoptiplex_3046_firmwarelatitude_3380inspiron_5580latitude_5289latitude_5480_firmwarelatitude_e7450_firmwareinspiron_5582_firmwareinspiron_7368latitude_3460precision_7820inspiron_7359precision_5510_firmwareinspiron_5558_firmwarelatitude_e5550_firmwareinspiron_7579_firmwareinspiron_3468_firmwarelatitude_3480inspiron_5459latitude_5490_firmwarelatitude_5591_firmwareinspiron_5378vostro_3070latitude_e7450inspiron_5481_firmwareprecision_5520_firmwarelatitude_5580latitude_3379inspiron_7573vostro_3584_firmwareinspiron_5457_firmwareinspiron_3268_firmwarevostro_3478_firmwarevostro_3480precision_3520_firmwareinspiron_3567_firmwarelatitude_3550chengming_3980inspiron_7567_firmwarelatitude_5450precision_t7810vostro_3458optiplex_7060inspiron_7560_firmwareinspiron_3467_firmwarelatitude_5290_firmwarelatitude_7424_rugged_extremeprecision_t7910g5_5587latitude_3580_firmwarevostro_3470inspiron_7353latitude_7390optiplex_3040vostro_7570venue_7140latitude_5450_firmwarelatitude_7290_firmwareprecision_7530inspiron_5370_firmwarelatitude_3390_firmwarechengming_3977_firmwarexps_9575vostro_3480_firmwareprecision_7510latitude_e5250g7_7590_firmwarelatitude_e5250_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3458_firmwarevostro_7580_firmwareprecision_3510_firmwareprecision_3510inspiron_7370_firmwareinspiron_5458_firmwarelatitude_5414_firmwarelatitude_7490inspiron_5759latitude_7389_firmwarelatitude_5288inspiron_5566_firmwareinspiron_5767inspiron_3158_firmwareoptiplex_7060_firmwareinspiron_7368_firmwareg3_3779latitude_e7470precision_5820_firmwareoptiplex_5040_firmwareinspiron_5578_firmwareinspiron_3581vostro_5568vostro_3667_firmwareinspiron_7568latitude_e7250latitude_5488_firmwareDell Client Commercial and Consumer platforms
CVE-2019-3735
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.03% / 8.03%
||
7 Day CHG~0.00%
Published-20 Jun, 2019 | 21:43
Updated-17 Sep, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsDell SupportAssist for Home PCsDell SupportAssist for Business PCs
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-3744
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.61%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 19:13
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryAlienware Digital DeliveryDell Digital Delivery
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-3716
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.60%
||
7 Day CHG~0.00%
Published-13 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure Vulnerability

RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archer_grc_platformRSA Archer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3767
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.08%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 17:10
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.

Action-Not Available
Vendor-Dell Inc.
Product-imageassistImageAssist
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-3763
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.05% / 14.62%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 19:17
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

Action-Not Available
Vendor-Dell Inc.
Product-rsa_identity_governance_and_lifecyclersa_via_lifecycle_and_governanceRSA Via Lifecycle and GovernanceRSA Identity Governance and Lifecycle
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-39259
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 13.06%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:02
Updated-12 Aug, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_toolDell OS Recovery Tool
CWE ID-CWE-284
Improper Access Control
CVE-2023-39253
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.93%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 06:20
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_toolDell OS Recovery Tool
CWE ID-CWE-284
Improper Access Control
CVE-2019-3742
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.55%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 19:12
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryAlienware Digital DeliveryDell Digital Delivery
CVE-2019-3727
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 10.23%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 15:45
Updated-17 Sep, 2024 | 03:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection vulnerability

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.

Action-Not Available
Vendor-Dell Inc.
Product-emc_recoverpointrecoverpoint_for_virtual_machinesRecoverPoint
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-3704
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.39%
||
7 Day CHG~0.00%
Published-07 Feb, 2019 | 19:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-emc_vnx2_firmwareemc_vnx2VNX Control Station in Dell EMC VNX2 OE for File
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-39250
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.39%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 15:16
Updated-09 Oct, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

Action-Not Available
Vendor-Dell Inc.
Product-replay_manager_for_vmwarestorage_integration_tools_for_vmwarestorage_vsphere_client_pluginDell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), Replay Manager for VMware (RMSV)
CWE ID-CWE-540
Inclusion of Sensitive Information in Source Code
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2025-26331
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.59%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 08:06
Updated-01 Jul, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_3420optiplex_3000_thin_clientlatitude_5440wyse_5470_all-in-one_thin_clientoptiplex_7420_all-in-onelatitude_5450latitude_3440optiplex_5400_all-in-oneoptiplex_7410_all-in-onewyse_5070_thin_clientthinoswyse_5470_mobile_thin_clientWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-48837
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.79%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 03:31
Updated-18 Nov, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Softwaresmartfabric_os10
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2022-32489
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.06% / 17.51%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-15 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareinspiron_3470latitude_e7270inspiron_7570vostro_3669inspiron_5590_firmwareinspiron_5477_firmwareg7_17_7790_firmwareoptiplex_3280_aio_firmwarelatitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwarelatitude_e5270precision_7540wyse_7040_thin_clientwyse_5070inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080latitude_5511latitude_7390_2-in-1latitude_7214_rugged_extreme_firmwareprecision_5530_2-in-1inspiron_7580_firmwarealienware_x14_firmwarealienware_m15_r1_firmwareprecision_7720vostro_5581_firmwarealienware_m17_r3_firmwarelatitude_5300alienware_x14precision_5530_firmwareoptiplex_5050alienware_aurora_r11latitude_7300optiplex_3050_aioprecision_3620_toweroptiplex_5055_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_7000inspiron_3782latitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2latitude_5310_2-in-1_firmwareinspiron_7490_firmwarexps_8950precision_5720_aiolatitude_7400latitude_5591inspiron_3471latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_5070g5_5000optiplex_3280_aioxps_15_9575_2-in-1inspiron_5491_2-in-1_firmwareoptiplex_3090_firmwarexps_13_9370_firmwarevostro_3581_firmwarevostro_3581latitude_9410inspiron_7777optiplex_7070optiplex_7080_firmwarelatitude_5420_rugged_firmwareinspiron_5491_aio_firmwarelatitude_5310vostro_5391latitude_3301inspiron_5594latitude_5420_ruggedvostro_3268_firmwarealienware_aurora_r8inspiron_7000_firmwarelatitude_7220_rugged_extreme_tabletalienware_x15_r1latitude_7390_2-in-1_firmwarelatitude_5495inspiron_5400latitude_7480_firmwarelatitude_e5470_firmwarevostro_5591vostro_5090latitude_3190latitude_7220ex_rugged_extreme_tablet_firmwarealienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488latitude_7380optiplex_5480_all-in-one_firmwareprecision_3540alienware_aurora_r11_firmwarealienware_x17_r2_firmwareinspiron_3580_firmwareinspiron_3781_firmwarewyse_5070_firmwarevostro_3670_firmwarelatitude_7214_rugged_extremeinspiron_3280_firmwarelatitude_3310latitude_7414_rugged_extreme_firmwarelatitude_5290_2-in-1precision_7520wyse_5470_all-in-one_firmwareinspiron_5482precision_7820_toweroptiplex_3090latitude_7290latitude_7212_rugged_extreme_tablet_firmwarealienware_area_51m_r1precision_7540_firmwareinspiron_3582inspiron_7700_aiolatitude_7480vostro_3401_firmwareinspiron_7391_firmwarevostro_3881wyse_5470_firmwareedge_gateway_5000_firmwareinspiron_5593inspiron_7580vostro_5390_firmwareinspiron_5770alienware_m17_r2_firmwarelatitude_3580precision_5820_tower_firmwareinspiron_3493_firmwarelatitude_3190_2-in-1_firmwareinspiron_5480_firmwareinspiron_3590latitude_7210_2-in-1optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510latitude_3301_firmwareinspiron_7370vostro_3481_firmwareinspiron_3502latitude_5491optiplex_7040inspiron_7386alienware_aurora_r12optiplex_5480_all-in-oneinspiron_5591_2-in-1_firmwarelatitude_5400alienware_aurora_r13_firmwarelatitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwareprecision_3551alienware_m17_r3precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwarelatitude_7275_2-in-1_firmwareg7_17_7790embedded_box_pc_3000inspiron_7570_firmwarelatitude_5400_firmwareinspiron_7391alienware_m17_r4vostro_3671_firmwareoptiplex_7460_all_in_one_firmwareprecision_3440precision_7510_firmwareg5_5000_firmwareoptiplex_7470_all-in-oneinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwareinspiron_3781optiplex_3050_firmwarealienware_aurora_r10_firmwareinspiron_7590_firmwareinspiron_7791_firmwareprecision_7740_firmwareinspiron_15_3567alienware_m15_r2_firmwarelatitude_7389vostro_3681inspiron_5570_firmwareprecision_7920_towerlatitude_7400_2-in-1_firmwareinspiron_3481inspiron_3780_firmwareinspiron_3582_firmwarelatitude_5411_firmwareinspiron_3470_firmwareinspiron_3593optiplex_7070_ultraprecision_7740inspiron_3481_firmwareprecision_5530latitude_7275_2-in-1latitude_7310_firmwareinspiron_3790_firmwarexps_13_7390_firmwarelatitude_9510inspiron_5770_firmwareinspiron_7586_firmwarelatitude_3180_firmwarevostro_3681_firmwarealienware_m17_r1_firmwarevostro_3580_firmwareinspiron_3581_firmwarelatitude_9510_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwarevostro_3668vostro_3670edge_gateway_3000latitude_5280inspiron_5490inspiron_3501_firmwarelatitude_5300_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareinspiron_3277precision_3930_rackprecision_7550vostro_3490inspiron_5391inspiron_5598inspiron_3482xps_7590_firmwareinspiron_15_2-in-1_5582_firmwareoptiplex_3080alienware_m17_r1latitude_3480inspiron_3782_firmwarexps_13_9300_firmwarealienware_m15_r4optiplex_7460_all_in_onevostro_3671inspiron_7591latitude_7310inspiron_7790inspiron_7790_firmwarelatitude_3379vostro_3584_firmwareoptiplex_7480_all-in-onechengming_3990_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareoptiplex_7070_ultra_firmwareinspiron_7700_aio_firmwareoptiplex_7060latitude_5290_firmwareinspiron_15_2-in-1_5582latitude_7424_rugged_extremeoptiplex_7480_all-in-one_firmwareg5_5090_firmwarelatitude_7390g3_15_3590latitude_3390_firmwareprecision_3240_compactprecision_7750_firmwarealienware_aurora_r12_firmwarelatitude_5285_2-in-1_firmwareprecision_7510vostro_3401chengming_3991_firmwarevostro_3480_firmwarevostro_7590_firmwarealienware_aurora_r10precision_3510_firmwareinspiron_7370_firmwarelatitude_7389_firmwareoptiplex_7470_all-in-one_firmwarelatitude_e7470precision_3630_tower_firmwareinspiron_3581inspiron_5400_firmwarelatitude_5488_firmwareinspiron_5583precision_3541_firmwareinspiron_5591_2-in-1alienware_m15_r1alienware_x15_r2inspiron_5680vostro_3881_firmwareinspiron_7373latitude_7200_2-in-1latitude_5511_firmwarevostro_3490_firmwareoptiplex_7040_firmwareinspiron_5493precision_3550latitude_7370latitude_7370_firmwarexps_13_7390_2-in-1_firmwareoptiplex_5070_firmwarealienware_aurora_r13latitude_3310_2-in-1inspiron_5390_firmwarelatitude_5490alienware_m17_r2vostro_3070_firmwareinspiron_7390_firmwareprecision_5720_aio_firmwarexps_7590latitude_3190_2-in-1optiplex_7071edge_gateway_5000vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwarelatitude_3180latitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarevostro_3667alienware_x15_r2_firmwarelatitude_e7470_firmwareoptiplex_5260_all-in-oneprecision_7720_firmwarelatitude_5310_2-in-1inspiron_5491_aioinspiron_3780inspiron_7380_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarexps_13_7390g3_15_5590_firmwareinspiron_3502_firmwareinspiron_5584precision_3520inspiron_7573_firmwarelatitude_5495_firmwarelatitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5055optiplex_5080_firmwarelatitude_e5270_firmwareinspiron_5493_firmwarevostro_3471inspiron_3480_firmwarealienware_m15_r3optiplex_5060_firmwarevostro_3590vostro_5390vostro_5590_firmwareprecision_7530_firmwarealienware_m17_r4_firmwarealienware_x17_r1inspiron_3790vostro_3583_firmwarelatitude_3190_firmwareinspiron_5494g7_17_7590g3_3779_firmwarexps_13_9300latitude_5500precision_7550_firmwareinspiron_5477chengming_3991inspiron_5480xps_8950_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwareinspiron_7791latitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590vostro_3501chengming_3990vostro_3583alienware_x17_r2latitude_5491_firmwarevostro_5880_firmwareinspiron_3493optiplex_3060optiplex_5060latitude_5285_2-in-1chengming_3988_firmwareinspiron_5482_firmwarewyse_5470_all-in-oneinspiron_5583_firmwarelatitude_5580_firmwareinspiron_3477_firmwarelatitude_3189xps_15_9575_2-in-1_firmwarevostro_3580precision_7750inspiron_14_3467_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwareinspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9alienware_area_51m_r2_firmwarealienware_m15_r4_firmwareg3_15_5590latitude_5480optiplex_3046latitude_5414_rugged_firmwarelatitude_7300_firmwarealienware_x15_r1_firmwarelatitude_5510wyse_5470vostro_3501_firmwareinspiron_3593_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarealienware_x17_r1_firmwarexps_8930inspiron_7786_firmwarelatitude_3310_2-in-1_firmwarelatitude_7410inspiron_3590_firmwarelatitude_5501_firmwarexps_13_7390_2-in-1latitude_5411optiplex_7450_firmwareoptiplex_7450xps_13_9365_2-in-1optiplex_3050_aio_firmwareinspiron_15_3567_firmwareg3_3579_firmwareg7_17_7590_firmwarelatitude_3480_firmwarelatitude_3189_firmwarevostro_3590_firmwareinspiron_5498inspiron_7591_firmwarelatitude_5290latitude_5289_firmwarechengming_3980_firmwareinspiron_5491_2-in-1latitude_3120_firmwarelatitude_5590_firmwareinspiron_5590vostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671inspiron_5498_firmwareprecision_5540inspiron_3480latitude_3490precision_3930_rack_firmwareinspiron_3670inspiron_3793_firmwareprecision_3430_tower_firmwareinspiron_7390latitude_3300_firmwarelatitude_7400_2-in-1precision_3640_towervostro_5581inspiron_3490latitude_7210_2-in-1_firmwarelatitude_5510_firmwareinspiron_3670_firmwarelatitude_7212_rugged_extreme_tabletlatitude_e5570_firmwarelatitude_7220_rugged_extreme_tablet_firmwareprecision_3540_firmwareinspiron_7777_firmwareoptiplex_3046_firmwareinspiron_3482_firmwarelatitude_5289precision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3080_firmwareprecision_5510_firmwareprecision_3420_towerinspiron_3881xps_13_9380latitude_7220ex_rugged_extreme_tabletlatitude_7414_rugged_extremeprecision_3420_tower_firmwarealienware_area_51m_r2latitude_5490_firmwarelatitude_5591_firmwareinspiron_3501latitude_5310_firmwarevostro_3070inspiron_3793precision_3430_towerinspiron_5481_firmwarechengming_3988xps_15_7590inspiron_3477latitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareedge_gateway_3000_firmwareinspiron_3277_firmwareinspiron_5401_firmwareinspiron_7573precision_5540_firmwarevostro_5590xps_8940_firmwarelatitude_3120vostro_3480optiplex_5260_all-in-one_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwarevostro_3582_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedalienware_aurora_r9_firmwareoptiplex_3070inspiron_3280optiplex_3040latitude_7290_firmwareprecision_7530xps_8930_firmwarexps_13_9365_2-in-1_firmwareinspiron_5391_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3490_firmwareprecision_3510xps_13_9380_firmwarelatitude_7490inspiron_5390optiplex_7060_firmwareprecision_3240_compact_firmwareg3_3779inspiron_5401vostro_3582vostro_3667_firmwareprecision_7920_tower_firmwarevostro_5591_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24379
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.85%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 02:09
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-18579
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.23% / 45.34%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 19:45
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.

Action-Not Available
Vendor-Dell Inc.
Product-xps_7390_firmwarexps_7390CPG BIOS
CWE ID-CWE-16
Not Available
CVE-2019-18577
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 28.94%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 20:30
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_serverXtremIO
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-24377
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.83%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 02:16
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-28073
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.01% / 0.85%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:42
Updated-04 Dec, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5530precision_3570_firmwarelatitude_5530_firmwareprecision_3570CPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2025-24386
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.85%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 02:19
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 19
  • 20
  • Next
Details not found