Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-24418

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-26 May, 2022 | 15:20
Updated At-17 Sep, 2024 | 02:27
Rejected At-
Credits

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:26 May, 2022 | 15:20
Updated At:17 Sep, 2024 | 02:27
Rejected At:
▼CVE Numbering Authority (CNA)

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Affected Products
Vendor
Dell Inc.Dell
Product
CPG BIOS
Versions
Affected
  • From unspecified before 1.10.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:26 May, 2022 | 16:15
Updated At:07 Jun, 2022 | 17:04

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Dell Inc.
dell
>>dell_g5_5505_firmware>>Versions before 1.10.0(exclusive)
cpe:2.3:o:dell:dell_g5_5505_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>dell_g5_5505>>-
cpe:2.3:h:dell:dell_g5_5505:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_22-3275_firmware>>Versions before 1.8.0(exclusive)
cpe:2.3:o:dell:inspiron_22-3275_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_22-3275>>-
cpe:2.3:h:dell:inspiron_22-3275:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_24-3475_firmware>>Versions before 1.8.0(exclusive)
cpe:2.3:o:dell:inspiron_24-3475_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_24-3475>>-
cpe:2.3:h:dell:inspiron_24-3475:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_27_7775_firmware>>Versions before 2.15.0(exclusive)
cpe:2.3:o:dell:inspiron_27_7775_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_27_7775>>-
cpe:2.3:h:dell:inspiron_27_7775:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3180_firmware>>Versions before 1.4.4(exclusive)
cpe:2.3:o:dell:inspiron_3180_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3180>>-
cpe:2.3:h:dell:inspiron_3180:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3185_firmware>>Versions before 1.4.4(exclusive)
cpe:2.3:o:dell:inspiron_3185_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3185>>-
cpe:2.3:h:dell:inspiron_3185:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3195_firmware>>Versions before 1.4.1(exclusive)
cpe:2.3:o:dell:inspiron_3195_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3195>>-
cpe:2.3:h:dell:inspiron_3195:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3505_firmware>>Versions before 1.5.0(exclusive)
cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3505>>-
cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3515_firmware>>Versions before 1.4.0(exclusive)
cpe:2.3:o:dell:inspiron_3515_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3515>>-
cpe:2.3:h:dell:inspiron_3515:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3585_firmware>>Versions before 1.6.0(exclusive)
cpe:2.3:o:dell:inspiron_3585_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3585>>-
cpe:2.3:h:dell:inspiron_3585:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3595_firmware>>Versions before 1.2.1(exclusive)
cpe:2.3:o:dell:inspiron_3595_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3595>>-
cpe:2.3:h:dell:inspiron_3595:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3785_firmware>>Versions before 1.6.0(exclusive)
cpe:2.3:o:dell:inspiron_3785_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3785>>-
cpe:2.3:h:dell:inspiron_3785:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5405_firmware>>Versions before 1.6.0(exclusive)
cpe:2.3:o:dell:inspiron_5405_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5405>>-
cpe:2.3:h:dell:inspiron_5405:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5415_firmware>>Versions before 1.7.1(exclusive)
cpe:2.3:o:dell:inspiron_5415_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5415>>-
cpe:2.3:h:dell:inspiron_5415:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5485_firmware>>Versions before 2.7.0(exclusive)
cpe:2.3:o:dell:inspiron_5485_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5485>>-
cpe:2.3:h:dell:inspiron_5485:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5505_firmware>>Versions before 1.6.0(exclusive)
cpe:2.3:o:dell:inspiron_5505_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5505>>-
cpe:2.3:h:dell:inspiron_5505:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5515_firmware>>Versions before 1.7.1(exclusive)
cpe:2.3:o:dell:inspiron_5515_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5515>>-
cpe:2.3:h:dell:inspiron_5515:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5575_firmware>>Versions before 1.5.0(exclusive)
cpe:2.3:o:dell:inspiron_5575_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5575>>-
cpe:2.3:h:dell:inspiron_5575:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5585_firmware>>Versions before 2.7.0(exclusive)
cpe:2.3:o:dell:inspiron_5585_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5585>>-
cpe:2.3:h:dell:inspiron_5585:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5675_firmware>>Versions before 1.5.0(exclusive)
cpe:2.3:o:dell:inspiron_5675_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5675>>-
cpe:2.3:h:dell:inspiron_5675:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5775_firmware>>Versions before 1.5.0(exclusive)
cpe:2.3:o:dell:inspiron_5775_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5775>>-
cpe:2.3:h:dell:inspiron_5775:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7375_firmware>>Versions before 1.6.0(exclusive)
cpe:2.3:o:dell:inspiron_7375_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7375>>-
cpe:2.3:h:dell:inspiron_7375:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7405_firmware>>Versions before 1.7.0(exclusive)
cpe:2.3:o:dell:inspiron_7405_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7405>>-
cpe:2.3:h:dell:inspiron_7405:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7415_firmware>>Versions before 1.7.1(exclusive)
cpe:2.3:o:dell:inspiron_7415_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7415>>-
cpe:2.3:h:dell:inspiron_7415:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>vostro_3405_firmware>>Versions before 1.5.0(exclusive)
cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>vostro_3405>>-
cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE-20Secondarysecurity_alert@emc.com
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095security_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

734Records found
CVE-2022-34377
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-1.9||LOW
EPSS-0.02% / 3.50%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 19:55
Updated-26 Mar, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34421
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 11:57
Updated-26 Feb, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34437
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.43%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34410
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 11:29
Updated-26 Feb, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34415
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 11:44
Updated-26 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34412
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 11:33
Updated-26 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-xe7440m630p_firmwaredss8440_firmwarer740xd_firmwarexr12_firmwarer430_firmwarem640r350r350_firmwarec6320_firmwarer6525_firmwaremx840cdss8440t430nx3240_firmwarer6525r550r750_firmwaret640c4130_firmwarefc430_firmwarec6320r230nx430_firmwarec6420_firmwarer6515_firmwarenx3230t330t630_firmwarexr2_firmwarefc640_firmwaremx740cc6525_firmwarer440r840t130xr2r750xsr750xa_firmwarer440_firmwaret550_firmwarer240_firmwarer730_firmwarec4130r830r240r930_firmwarer530t430_firmwarer540_firmwaret630fc630m630t340r7415_firmwarenx3230_firmwarec6520_firmwarenx3240t140r250xr11_firmwarer340_firmwarenx430r6515xr11xe2420t150_firmwarexe8545_firmwarer540fc830r940xanx3330c4140_firmwaremx750cnx440r750xaxe7440_firmwarexe7420r940xa_firmwarer7425r7525_firmwarer7525r740_firmwarec6420r930m830pt440_firmwarefc630_firmwarem830t440r730xd_firmwarem630pfc830_firmwarer740xdr630_firmwarenx3340_firmwarer430m640_firmwaret350_firmwarer6415_firmwarem830_firmwarec6525xe7420_firmwarer650_firmwarer740r340c6520m830p_firmwarer750mx750c_firmwaret150xe2420_firmwarer650xs_firmwarem640p_firmwarer7425_firmwaret140_firmwarer640xr12r630fc430r640_firmwarer730xdr7415nx3340r650xsc4140r740xd2r830_firmwaret550r750xs_firmwarenx3330_firmwarer330_firmwaremx840c_firmwarer230_firmwarem640pr940_firmwaret130_firmwarer940r650r840_firmwarer530_firmwarer7515r250_firmwaret340_firmwarer730r330t640_firmwarer450_firmwaret350xe8545nx440_firmwarer6415r740xd2_firmwarer550_firmwarer7515_firmwaret330_firmwarer450fc640mx740c_firmwarem630_firmwarePowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34419
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 11:54
Updated-26 Feb, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34423
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 12:21
Updated-26 Feb, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34422
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.45%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 11:58
Updated-26 Feb, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34450
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:56
Updated-24 Mar, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-183
Permissive List of Allowed Inputs
CVE-2021-43587
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.03% / 8.11%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2016-0911
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.35% / 56.71%
||
7 Day CHG-0.32%
Published-19 Jun, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_data_domain_osn/a
CVE-2022-31239
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 32.88%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2015-6856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.62%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.

Action-Not Available
Vendor-n/aDell Inc.
Product-pre-boot_authentication_drivern/a
CVE-2015-4056
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.86%
||
7 Day CHG~0.00%
Published-21 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.

Action-Not Available
Vendor-n/aDell Inc.
Product-vce_vision_intelligent_operationsn/a
CVE-2015-2890
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-6||MEDIUM
EPSS-0.43% / 61.67%
||
7 Day CHG~0.00%
Published-01 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

Action-Not Available
Vendor-n/aDell Inc.
Product-latitude_e6420_xfrlatitude_e5420latitude_e4310bioslatitude_e6420_atgprecision_t5600latitude_e5520precision_t5600_xlprecision_t1600precision_mobile_m4500optiplex_390precision_mobile_m4600latitude_e5410optiplex_990latitude_xt3latitude_e6320latitude_e6510precision_t3600optiplex_790latitude_e6410_atglatitude_e5510precision_mobile_m6600latitude_e6220latitude_e6520n/a
CVE-2021-36293
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.13% / 33.35%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36279
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36317
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.24%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerprotect_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29092
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.95%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 20:05
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist Consumer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-48668
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 9.48%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:45
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_domain_management_center PowerProtect DD
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-29085
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.10% / 28.94%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentunityvsa_operating_environmentunity_xt_operating_environmentUnity
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21545
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.56%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 19:50
Updated-16 Sep, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21547
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.68%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 21:10
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentunityvsa_operating_environmentunity_xt_operating_environmentUnity
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-21553
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.84%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 23:45
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-286
Incorrect User Management
CVE-2021-21527
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.05% / 16.80%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21555
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 36.31%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21556
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.70%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21589
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 11.97%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CVE-2021-21572
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.04% / 9.99%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 17:00
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Action-Not Available
Vendor-Dell Inc.
Product-optiplex_7090_uffxps_15_9510_firmwareinspiron_7500_firmwareinspiron_7300_firmwarelatitude_3520g5_5500precision_17_m5750_firmwareprecision_3561_firmwarexps_17_9710_firmwareg7_7500precision_7560vostro_3881_firmwarelatitude_5511_firmwareprecision_3550inspiron_3891_firmwarevostro_3888vostro_3888_firmwarelatitude_7420_firmwareinspiron_5501vostro_5501_firmwarelatitude_9420optiplex_5090_tower_firmwareprecision_3650_mt_firmwareoptiplex_5080inspiron_5400_aioinspiron_5502latitude_5511inspiron_7501precision_5550inspiron_7300_2-in-1xps_17_9700vostro_3400inspiron_3891xps_13_9305vostro_5310g3_3500latitude_9410_firmwareinspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwareg15_5511_firmwarelatitude_7410_firmwarelatitude_7320latitude_5310_2-in-1optiplex_7090_tower_firmwarelatitude_3420inspiron_15_7510_firmwareinspiron_14_5418_firmwareg5_5500_firmwareinspiron_7506_firmwarelatitude_5410_firmwarelatitude_5310_2-in-1_firmwareinspiron_5409vostro_3890latitude_3510precision_3560_firmwarevostro_5401_firmwareinspiron_3880_firmwareinspiron_5310_firmwareinspiron_5406_2n1inspiron_5501_firmwareoptiplex_5080_firmwarexps_17_9700_firmwareinspiron_15_7510latitude_3420_firmwarevostro_14_5410latitude_7320_detachable_firmwarelatitude_9410optiplex_7080_firmwarelatitude_5310xps_15_9500inspiron_5508_firmwareprecision_3450precision_7550_firmwareoptiplex_7090_uff_firmwarechengming_3991precision_5560inspiron_5400_aio_firmwareinspiron_7501_firmwareg15_5510_firmwareinspiron_3881_firmwarelatitude_5521precision_17_m5750vostro_3501latitude_7520vostro_15_5510inspiron_5406_2n1_firmwareprecision_3450_firmwarechengming_3990inspiron_5301g7_7700_firmwareoptiplex_7090_towervostro_5880_firmwarexps_17_9710inspiron_5402inspiron_7700_aiovostro_3881vostro_5401latitude_5420_firmwareprecision_3561latitude_5520latitude_3410_firmwarevostro_5300inspiron_7400_firmwarelatitude_3320vostro_5301precision_3650_mtxps_15_9510latitude_7210_2-in-1inspiron_5410_2-in-1_firmwarevostro_5880precision_7750alienware_m15_r6_firmwareinspiron_5410_2-in-1latitude_3320_firmwarelatitude_9520_firmwareprecision_5560_firmwarevostro_3690_firmwareoptiplex_7080g15_5510latitude_5520_firmwareinspiron_15_5518vostro_7500_firmwarelatitude_5410inspiron_5310precision_3551latitude_5320_2-in-1_firmwareinspiron_7610vostro_5301_firmwarelatitude_5421vostro_5890latitude_9420_firmwarexps_13_2in1_9310latitude_5510inspiron_5400_2-in-1inspiron_5401_aio_firmwareinspiron_7610_firmwarelatitude_5320_2-in-1vostro_5300_firmwarevostro_3501_firmwareinspiron_5400_2-in-1_firmwareoptiplex_7780_all-in-one_firmwareprecision_3440xps_13_2in1_9310_firmwareprecision_3440_firmwarevostro_5402precision_3640_firmwareinspiron_7500_2-in-1_firmwarelatitude_5320precision_3550_firmwarelatitude_7410vostro_3690optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411inspiron_5300_firmwareprecision_7760vostro_7500optiplex_7490_all-in-oneinspiron_7306_2-in-1_firmwarevostro_3500_firmwarelatitude_7320_detachablelatitude_9520inspiron_5509optiplex_3090_uffoptiplex_5090_towervostro_3681latitude_7420inspiron_5300inspiron_7706_2-in-1inspiron_5508precision_5550_firmwarevostro_15_7510g7_7500_firmwarelatitude_5411_firmwarelatitude_3120_firmwarelatitude_3510_firmwareinspiron_15_5518_firmwareinspiron_5301_firmwareinspiron_5408_firmwarelatitude_7310_firmwareinspiron_7306_2-in-1xps_13_9310_firmwarelatitude_9510optiplex_3280_all-in-onelatitude_7520_firmwareprecision_5760_firmwarelatitude_5420inspiron_7300inspiron_5402_firmwarevostro_3681_firmwareprecision_7560_firmwarevostro_5890_firmwarelatitude_9510_firmwareoptiplex_5490_aio_firmwareprecision_7760_firmwarexps_13_9305_firmwarelatitude_7210_2-in-1_firmwarexps_13_9310vostro_15_7510_firmwarelatitude_5510_firmwareg7_7700vostro_5502inspiron_7506optiplex_7780_all-in-oneinspiron_5408inspiron_3501_firmwarevostro_5502_firmwareinspiron_3880g3_3500_firmwareoptiplex_3080_firmwarelatitude_3410precision_7550vostro_5402_firmwareoptiplex_7490_all-in-one_firmwareinspiron_3881vostro_14_5410_firmwarelatitude_5320_firmwareoptiplex_3080inspiron_3501latitude_5310_firmwarealienware_m15_r6vostro_3890_firmwareoptiplex_5490_aiolatitude_7310latitude_5421_firmwareinspiron_7500g15_5511optiplex_3090_uff_firmwareprecision_5760inspiron_5401_firmwarevostro_15_5510_firmwarevostro_5501optiplex_7480_all-in-onechengming_3990_firmwarelatitude_7320_firmwarelatitude_3120precision_3560inspiron_5401_aioprecision_3551_firmwareprecision_3640inspiron_7700_aio_firmwarevostro_3400_firmwarevostro_5310_firmwareinspiron_5509_firmwareoptiplex_7480_all-in-one_firmwarevostro_3500precision_7750_firmwareinspiron_5502_firmwarelatitude_3520_firmwarechengming_3991_firmwareinspiron_14_5418inspiron_5409_firmwareinspiron_7400inspiron_7500_2-in-1latitude_5521_firmwareinspiron_5401BIOSConnect
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21552
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.2||MEDIUM
EPSS-0.14% / 34.60%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 20:05
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-wyse_5070_thin_clientwyse_5470_all-in-one_thin_clientwyse_5470_thin_clientwindows_10Wyse Windows Embedded (WES)
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-21535
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.03% / 8.13%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-21599
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.22% / 44.47%
||
7 Day CHG-0.08%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21574
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.20%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 17:00
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Action-Not Available
Vendor-Dell Inc.
Product-optiplex_7090_uffxps_15_9510_firmwareinspiron_7500_firmwareinspiron_7300_firmwarelatitude_3520g5_5500precision_17_m5750_firmwareprecision_3561_firmwarexps_17_9710_firmwareg7_7500precision_7560vostro_3881_firmwarelatitude_5511_firmwareprecision_3550inspiron_3891_firmwarevostro_3888vostro_3888_firmwarelatitude_7420_firmwareinspiron_5501vostro_5501_firmwarelatitude_9420optiplex_5090_tower_firmwareprecision_3650_mt_firmwareoptiplex_5080inspiron_5400_aioinspiron_5502latitude_5511inspiron_7501precision_5550inspiron_7300_2-in-1xps_17_9700vostro_3400inspiron_3891xps_13_9305vostro_5310g3_3500latitude_9410_firmwareinspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwareg15_5511_firmwarelatitude_7410_firmwarelatitude_7320latitude_5310_2-in-1optiplex_7090_tower_firmwarelatitude_3420inspiron_15_7510_firmwareinspiron_14_5418_firmwareg5_5500_firmwareinspiron_7506_firmwarelatitude_5410_firmwarelatitude_5310_2-in-1_firmwareinspiron_5409vostro_3890latitude_3510precision_3560_firmwarevostro_5401_firmwareinspiron_3880_firmwareinspiron_5310_firmwareinspiron_5406_2n1inspiron_5501_firmwareoptiplex_5080_firmwarexps_17_9700_firmwareinspiron_15_7510latitude_3420_firmwarevostro_14_5410latitude_7320_detachable_firmwarelatitude_9410optiplex_7080_firmwarelatitude_5310xps_15_9500inspiron_5508_firmwareprecision_3450precision_7550_firmwareoptiplex_7090_uff_firmwarechengming_3991precision_5560inspiron_5400_aio_firmwareinspiron_7501_firmwareg15_5510_firmwareinspiron_3881_firmwarelatitude_5521precision_17_m5750vostro_3501latitude_7520vostro_15_5510inspiron_5406_2n1_firmwareprecision_3450_firmwarechengming_3990inspiron_5301g7_7700_firmwareoptiplex_7090_towervostro_5880_firmwarexps_17_9710inspiron_5402inspiron_7700_aiovostro_3881vostro_5401latitude_5420_firmwareprecision_3561latitude_5520latitude_3410_firmwarevostro_5300inspiron_7400_firmwarelatitude_3320vostro_5301precision_3650_mtxps_15_9510latitude_7210_2-in-1inspiron_5410_2-in-1_firmwarevostro_5880precision_7750alienware_m15_r6_firmwareinspiron_5410_2-in-1latitude_3320_firmwarelatitude_9520_firmwareprecision_5560_firmwarevostro_3690_firmwareoptiplex_7080g15_5510latitude_5520_firmwareinspiron_15_5518vostro_7500_firmwarelatitude_5410inspiron_5310precision_3551latitude_5320_2-in-1_firmwareinspiron_7610vostro_5301_firmwarelatitude_5421vostro_5890latitude_9420_firmwarexps_13_2in1_9310latitude_5510inspiron_5400_2-in-1inspiron_5401_aio_firmwareinspiron_7610_firmwarelatitude_5320_2-in-1vostro_5300_firmwarevostro_3501_firmwareinspiron_5400_2-in-1_firmwareoptiplex_7780_all-in-one_firmwareprecision_3440xps_13_2in1_9310_firmwareprecision_3440_firmwarevostro_5402precision_3640_firmwareinspiron_7500_2-in-1_firmwarelatitude_5320precision_3550_firmwarelatitude_7410vostro_3690optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411inspiron_5300_firmwareprecision_7760vostro_7500optiplex_7490_all-in-oneinspiron_7306_2-in-1_firmwarevostro_3500_firmwarelatitude_7320_detachablelatitude_9520inspiron_5509optiplex_3090_uffoptiplex_5090_towervostro_3681latitude_7420inspiron_5300inspiron_7706_2-in-1inspiron_5508precision_5550_firmwarevostro_15_7510g7_7500_firmwarelatitude_5411_firmwarelatitude_3120_firmwarelatitude_3510_firmwareinspiron_15_5518_firmwareinspiron_5301_firmwareinspiron_5408_firmwarelatitude_7310_firmwareinspiron_7306_2-in-1xps_13_9310_firmwarelatitude_9510optiplex_3280_all-in-onelatitude_7520_firmwareprecision_5760_firmwarelatitude_5420inspiron_7300inspiron_5402_firmwarevostro_3681_firmwareprecision_7560_firmwarevostro_5890_firmwarelatitude_9510_firmwareoptiplex_5490_aio_firmwareprecision_7760_firmwarexps_13_9305_firmwarelatitude_7210_2-in-1_firmwarexps_13_9310vostro_15_7510_firmwarelatitude_5510_firmwareg7_7700vostro_5502inspiron_7506optiplex_7780_all-in-oneinspiron_5408inspiron_3501_firmwarevostro_5502_firmwareinspiron_3880g3_3500_firmwareoptiplex_3080_firmwarelatitude_3410precision_7550vostro_5402_firmwareoptiplex_7490_all-in-one_firmwareinspiron_3881vostro_14_5410_firmwarelatitude_5320_firmwareoptiplex_3080inspiron_3501latitude_5310_firmwarealienware_m15_r6vostro_3890_firmwareoptiplex_5490_aiolatitude_7310latitude_5421_firmwareinspiron_7500g15_5511optiplex_3090_uff_firmwareprecision_5760inspiron_5401_firmwarevostro_15_5510_firmwarevostro_5501optiplex_7480_all-in-onechengming_3990_firmwarelatitude_7320_firmwarelatitude_3120precision_3560inspiron_5401_aioprecision_3551_firmwareprecision_3640inspiron_7700_aio_firmwarevostro_3400_firmwarevostro_5310_firmwareinspiron_5509_firmwareoptiplex_7480_all-in-one_firmwarevostro_3500precision_7750_firmwareinspiron_5502_firmwarelatitude_3520_firmwarechengming_3991_firmwareinspiron_14_5418inspiron_5409_firmwareinspiron_7400inspiron_7500_2-in-1latitude_5521_firmwareinspiron_5401BIOSConnect
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21573
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.05% / 13.31%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 17:00
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Action-Not Available
Vendor-Dell Inc.
Product-optiplex_7090_uffxps_15_9510_firmwareinspiron_7500_firmwareinspiron_7300_firmwarelatitude_3520g5_5500precision_17_m5750_firmwareprecision_3561_firmwarexps_17_9710_firmwareg7_7500precision_7560vostro_3881_firmwarelatitude_5511_firmwareprecision_3550inspiron_3891_firmwarevostro_3888vostro_3888_firmwarelatitude_7420_firmwareinspiron_5501vostro_5501_firmwarelatitude_9420optiplex_5090_tower_firmwareprecision_3650_mt_firmwareoptiplex_5080inspiron_5400_aioinspiron_5502latitude_5511inspiron_7501precision_5550inspiron_7300_2-in-1xps_17_9700vostro_3400inspiron_3891xps_13_9305vostro_5310g3_3500latitude_9410_firmwareinspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwareg15_5511_firmwarelatitude_7410_firmwarelatitude_7320latitude_5310_2-in-1optiplex_7090_tower_firmwarelatitude_3420inspiron_15_7510_firmwareinspiron_14_5418_firmwareg5_5500_firmwareinspiron_7506_firmwarelatitude_5410_firmwarelatitude_5310_2-in-1_firmwareinspiron_5409vostro_3890latitude_3510precision_3560_firmwarevostro_5401_firmwareinspiron_3880_firmwareinspiron_5310_firmwareinspiron_5406_2n1inspiron_5501_firmwareoptiplex_5080_firmwarexps_17_9700_firmwareinspiron_15_7510latitude_3420_firmwarevostro_14_5410latitude_7320_detachable_firmwarelatitude_9410optiplex_7080_firmwarelatitude_5310xps_15_9500inspiron_5508_firmwareprecision_3450precision_7550_firmwareoptiplex_7090_uff_firmwarechengming_3991precision_5560inspiron_5400_aio_firmwareinspiron_7501_firmwareg15_5510_firmwareinspiron_3881_firmwarelatitude_5521precision_17_m5750vostro_3501latitude_7520vostro_15_5510inspiron_5406_2n1_firmwareprecision_3450_firmwarechengming_3990inspiron_5301g7_7700_firmwareoptiplex_7090_towervostro_5880_firmwarexps_17_9710inspiron_5402inspiron_7700_aiovostro_3881vostro_5401latitude_5420_firmwareprecision_3561latitude_5520latitude_3410_firmwarevostro_5300inspiron_7400_firmwarelatitude_3320vostro_5301precision_3650_mtxps_15_9510latitude_7210_2-in-1inspiron_5410_2-in-1_firmwarevostro_5880precision_7750alienware_m15_r6_firmwareinspiron_5410_2-in-1latitude_3320_firmwarelatitude_9520_firmwareprecision_5560_firmwarevostro_3690_firmwareoptiplex_7080g15_5510latitude_5520_firmwareinspiron_15_5518vostro_7500_firmwarelatitude_5410inspiron_5310precision_3551latitude_5320_2-in-1_firmwareinspiron_7610vostro_5301_firmwarelatitude_5421vostro_5890latitude_9420_firmwarexps_13_2in1_9310latitude_5510inspiron_5400_2-in-1inspiron_5401_aio_firmwareinspiron_7610_firmwarelatitude_5320_2-in-1vostro_5300_firmwarevostro_3501_firmwareinspiron_5400_2-in-1_firmwareoptiplex_7780_all-in-one_firmwareprecision_3440xps_13_2in1_9310_firmwareprecision_3440_firmwarevostro_5402precision_3640_firmwareinspiron_7500_2-in-1_firmwarelatitude_5320precision_3550_firmwarelatitude_7410vostro_3690optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411inspiron_5300_firmwareprecision_7760vostro_7500optiplex_7490_all-in-oneinspiron_7306_2-in-1_firmwarevostro_3500_firmwarelatitude_7320_detachablelatitude_9520inspiron_5509optiplex_3090_uffoptiplex_5090_towervostro_3681latitude_7420inspiron_5300inspiron_7706_2-in-1inspiron_5508precision_5550_firmwarevostro_15_7510g7_7500_firmwarelatitude_5411_firmwarelatitude_3120_firmwarelatitude_3510_firmwareinspiron_15_5518_firmwareinspiron_5301_firmwareinspiron_5408_firmwarelatitude_7310_firmwareinspiron_7306_2-in-1xps_13_9310_firmwarelatitude_9510optiplex_3280_all-in-onelatitude_7520_firmwareprecision_5760_firmwarelatitude_5420inspiron_7300inspiron_5402_firmwarevostro_3681_firmwareprecision_7560_firmwarevostro_5890_firmwarelatitude_9510_firmwareoptiplex_5490_aio_firmwareprecision_7760_firmwarexps_13_9305_firmwarelatitude_7210_2-in-1_firmwarexps_13_9310vostro_15_7510_firmwarelatitude_5510_firmwareg7_7700vostro_5502inspiron_7506optiplex_7780_all-in-oneinspiron_5408inspiron_3501_firmwarevostro_5502_firmwareinspiron_3880g3_3500_firmwareoptiplex_3080_firmwarelatitude_3410precision_7550vostro_5402_firmwareoptiplex_7490_all-in-one_firmwareinspiron_3881vostro_14_5410_firmwarelatitude_5320_firmwareoptiplex_3080inspiron_3501latitude_5310_firmwarealienware_m15_r6vostro_3890_firmwareoptiplex_5490_aiolatitude_7310latitude_5421_firmwareinspiron_7500g15_5511optiplex_3090_uff_firmwareprecision_5760inspiron_5401_firmwarevostro_15_5510_firmwarevostro_5501optiplex_7480_all-in-onechengming_3990_firmwarelatitude_7320_firmwarelatitude_3120precision_3560inspiron_5401_aioprecision_3551_firmwareprecision_3640inspiron_7700_aio_firmwarevostro_3400_firmwarevostro_5310_firmwareinspiron_5509_firmwareoptiplex_7480_all-in-one_firmwarevostro_3500precision_7750_firmwareinspiron_5502_firmwarelatitude_3520_firmwarechengming_3991_firmwareinspiron_14_5418inspiron_5409_firmwareinspiron_7400inspiron_7500_2-in-1latitude_5521_firmwareinspiron_5401BIOSConnect
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21591
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 31.25%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21590
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 31.25%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:40
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21595
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.14% / 34.19%
||
7 Day CHG-0.05%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-21518
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.56%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 20:10
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcssupportassist_client_promanageDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-44279
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.70%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:22
Updated-01 Oct, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_domainpowerprotect_data_protectiondd9400dp5900apex_protection_storagepowerprotect_data_domain_management_centeremc_data_domain_osdd6400dd3300dd9900dd6900dp4400PowerProtect DDpowerprotect_data_domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-44278
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.21%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:17
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_domainpowerprotect_data_protectiondd9400dp5900apex_protection_storagepowerprotect_data_domain_management_centerdd6400emc_data_domain_osdd3300dd9900dd6900dp4400PowerProtect DD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-26860
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 20:15
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareoptiplex_7770_all-in-onexps_15_9510_firmwareinspiron_3470latitude_e7270inspiron_7300_firmwarelatitude_3520vostro_3468precision_3561_firmwareinspiron_7570vostro_3669xps_17_9710_firmwareg5_15_5587inspiron_5590_firmwareprecision_7560g7_17_7790_firmwarelatitude_5179latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwarelatitude_e5270precision_7540wyse_7040_thin_clientwyse_5070latitude_9420inspiron_5490_firmwarelatitude_5590optiplex_5080inspiron_5502latitude_5511latitude_7390_2-in-1inspiron_7501precision_5530_2-in-1inspiron_7300_2-in-1precision_5550xps_17_9700inspiron_7580_firmwareprecision_7720vostro_5581_firmwarelatitude_5300vostro_3400latitude_3380_firmwareoptiplex_7760_aiog3_3500precision_5530_firmwareoptiplex_5040vostro_15_7580optiplex_5050latitude_7320latitude_3470inspiron_15_gaming_7577latitude_7300optiplex_7090optiplex_3050_aioprecision_3620_towervostro_5468g7_17_7700_firmwarexps_13_9360optiplex_5055_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_5490_aio_firmwareinspiron_7000latitude_3420latitude_3590_firmwarelatitude_7490_firmwarevostro_5491_firmwareprecision_5520latitude_5310_2-in-1_firmwareinspiron_7490_firmwareinspiron_5409latitude_7400latitude_5591optiplex_5270_all-in-one_firmwareinspiron_3471inspiron_3511_firmwarelatitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwarelatitude_5175_firmwareinspiron_7586optiplex_3040_firmwarelatitude_3400optiplex_5070latitude_3420_firmwareg5_5000inspiron_13_5378_firmwarexps_15_9575_2-in-1inspiron_5491_2-in-1_firmwarelatitude_7285_firmwareoptiplex_3090_firmwareoptiplex_3240_all-in-onexps_13_9370_firmwarevostro_3581_firmwareinspiron_7506_2-in-1_firmwarelatitude_7320_detachable_firmwarevostro_3581latitude_9410optiplex_7070latitude_3570optiplex_7080_firmwarelatitude_5420_rugged_firmwareinspiron_5491_aio_firmwareinspiron_15_5578_firmwarelatitude_5310vostro_5391latitude_3301inspiron_5594latitude_5420_ruggedoptiplex_7090_ultra_firmwarevostro_3268_firmwarevostro_3660inspiron_7000_firmwarelatitude_7220_rugged_extreme_tabletprecision_3450inspiron_5510latitude_7390_2-in-1_firmwarelatitude_5495inspiron_5400latitude_7480_firmwarevostro_3568latitude_e5470_firmwarevostro_5591vostro_5090precision_5560latitude_3190vostro_5370latitude_7220ex_rugged_extreme_tablet_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488latitude_5521vostro_3478latitude_7380optiplex_5480_all-in-one_firmwareprecision_3540inspiron_3910inspiron_7510_firmwareinspiron_3580_firmwarelatitude_7520inspiron_3781_firmwarevostro_5370_firmwarewyse_5070_firmwarevostro_3670_firmwareinspiron_15_gaming_7577_firmwarelatitude_3310latitude_7414_rugged_extreme_firmwarelatitude_5290_2-in-1precision_7520vostro_3660_firmwarewyse_5470_all-in-one_firmwareinspiron_5482precision_7820_toweroptiplex_3090latitude_7290vostro_5410latitude_7212_rugged_extreme_tablet_firmwareinspiron_5402precision_7540_firmwareinspiron_7700_aiolatitude_7480vostro_3401_firmwareinspiron_7391_firmwarevostro_3881vostro_5401edge_gateway_5000_firmwareinspiron_5593wyse_5470_firmwarelatitude_5420_firmwareprecision_3561inspiron_7580vostro_5390_firmwareinspiron_5770latitude_3580vostro_5300precision_5820_tower_firmwareinspiron_3493_firmwarelatitude_3190_2-in-1_firmwarevostro_5301xps_15_9510inspiron_5480_firmwareinspiron_3590latitude_7210_2-in-1optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarealienware_m15_r6_firmwareoptiplex_5270_all-in-oneinspiron_5410_2-in-1optiplex_xe3vostro_3584precision_5510latitude_3301_firmwareinspiron_7370vostro_3481_firmwarelatitude_5491latitude_9520_firmwareprecision_5560_firmwarevostro_5468_firmwarevostro_3690_firmwareoptiplex_7040inspiron_7386latitude_5520_firmwareoptiplex_5090optiplex_5480_all-in-oneinspiron_5591_2-in-1_firmwarelatitude_7280latitude_5400latitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwareprecision_3551vostro_5491precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwareinspiron_7610latitude_7275_2-in-1_firmwarevostro_5301_firmwareg7_17_7790vostro_5890embedded_box_pc_3000inspiron_5400_2-in-1latitude_7285inspiron_7570_firmwarelatitude_5400_firmwareinspiron_7610_firmwareoptiplex_7770_all-in-one_firmwareinspiron_5400_2-in-1_firmwareinspiron_7391vostro_3671_firmwareprecision_3440vostro_5402optiplex_7090_ultrag5_5000_firmwareoptiplex_7470_all-in-oneoptiplex_7460_firmwareoptiplex_5250_firmwareinspiron_3576inspiron_3671_firmwareinspiron_7500_2-in-1_firmwareinspiron_5510_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwarelatitude_7214inspiron_3781vostro_3690inspiron_3576_firmwareinspiron_5300_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareoptiplex_7490_all-in-onevostro_7500inspiron_7590_firmwareinspiron_7791_firmwarevostro_3568_firmwareprecision_7740_firmwareinspiron_15_3567latitude_7389vostro_3681inspiron_5570_firmwareprecision_7920_towerlatitude_7400_2-in-1_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwarelatitude_3510_firmwareinspiron_3470_firmwareinspiron_3593optiplex_7070_ultrainspiron_5370precision_7740xps_13_9365inspiron_3481_firmwareprecision_5530latitude_7275_2-in-1latitude_7310_firmwareoptiplex_7440_aioinspiron_15_5579_firmwareinspiron_7306_2-in-1xps_13_9310_firmwareinspiron_3790_firmwarelatitude_9510optiplex_3280_all-in-oneinspiron_5770_firmwareinspiron_7586_firmwareprecision_5760_firmwarelatitude_3180_firmwarevostro_3681_firmwarevostro_3580_firmwareinspiron_3581_firmwareinspiron_17_7773latitude_9510_firmwarevostro_5890_firmwareinspiron_3910_firmwareinspiron_5406_2-in-1optiplex_5490_aio_firmwareprecision_7760_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwareinspiron_3511vostro_3668xps_13_9305_firmwareinspiron_5410latitude_7280_firmwarevostro_5502vostro_3670edge_gateway_3000latitude_5280latitude_5179_firmwareoptiplex_7780_all-in-oneinspiron_5490inspiron_15_5578inspiron_3501_firmwarelatitude_5300_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareprecision_3930_rackprecision_7550vostro_3490inspiron_5391g5_15_5590_firmwareinspiron_5598latitude_5320_firmwarexps_7590_firmwareoptiplex_3080latitude_3480precision_5750latitude_rugged_5430vostro_3671inspiron_7591latitude_7310inspiron_7790latitude_5421_firmwareinspiron_7500inspiron_7790_firmwareg15_5511latitude_3379precision_5760vostro_3584_firmwareoptiplex_7480_all-in-onechengming_3990_firmwarevostro_3478_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareoptiplex_7070_ultra_firmwareinspiron_7700_aio_firmwarevostro_3400_firmwarevostro_5310_firmwareoptiplex_7060latitude_5290_firmwarelatitude_7424_rugged_extremeinspiron_13_5379_firmwareoptiplex_7480_all-in-one_firmwareg5_5090_firmwareoptiplex_3240_all-in-one_firmwarelatitude_7390vostro_3500g3_15_3590latitude_3390_firmwareprecision_3240_compactinspiron_14_3476precision_7750_firmwarelatitude_3520_firmwarelatitude_5285_2-in-1_firmwareinspiron_5490_aiovostro_3401chengming_3991_firmwarevostro_3480_firmwarevostro_7590_firmwareprecision_3510_firmwareinspiron_7400inspiron_7370_firmwareprecision_3650_tower_firmwarelatitude_7389_firmwareinspiron_7500_2-in-1optiplex_7470_all-in-one_firmwarevostro_3510latitude_e7470precision_3630_tower_firmwareoptiplex_5040_firmwarexps_13_9310_2-in-1inspiron_3581inspiron_13_7378vostro_5568inspiron_5400_firmwareinspiron_15_5566_firmwarelatitude_5424_ruggedlatitude_5488_firmwareinspiron_5583inspiron_7500_firmwareprecision_3541_firmwareinspiron_5591_2-in-1g5_5500g5_15_5587_firmwareinspiron_15_7572inspiron_7506_2-in-1vostro_5568_firmwareg7_7500precision_3650_towerinspiron_7373latitude_7200_2-in-1latitude_5511_firmwarevostro_3490_firmwarevostro_3881_firmwareoptiplex_7040_firmwareinspiron_5493precision_3550inspiron_3891_firmwarelatitude_7370_firmwarelatitude_7370optiplex_3090_ultra_firmwarelatitude_7420_firmwareoptiplex_5070_firmwareinspiron_5501vostro_5501_firmwarelatitude_3310_2-in-1inspiron_5390_firmwareoptiplex_3090_ultralatitude_5490vostro_3070_firmwareinspiron_7390_firmwarexps_7590latitude_3190_2-in-1optiplex_7071edge_gateway_5000vostro_3481inspiron_3891inspiron_7786vostro_5310xps_13_9305latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwarelatitude_3180inspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwarelatitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_7090_firmwareoptiplex_3070_firmwareg15_5511_firmwarelatitude_7410_firmwarevostro_3667latitude_e7470_firmwareoptiplex_5260_all-in-oneprecision_7720_firmwarelatitude_5310_2-in-1vostro_3910inspiron_5491_aioinspiron_13_5378inspiron_3780inspiron_7380_firmwareg5_5500_firmwarelatitude_rugged_7330_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarelatitude_3400_firmwarevostro_3890latitude_3510precision_3560_firmwareinspiron_5584precision_3520inspiron_17_7773_firmwareinspiron_7573_firmwarelatitude_5495_firmwarelatitude_e5570vostro_5401_firmwareinspiron_3880_firmwareinspiron_5310_firmwareinspiron_5501_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5055optiplex_5080_firmwarelatitude_e5270_firmwareinspiron_5493_firmwarevostro_3471xps_17_9700_firmwareinspiron_3480_firmwareoptiplex_5060_firmwarevostro_3590vostro_5390vostro_3578vostro_5590_firmwarelatitude_3470_firmwareprecision_7530_firmwareinspiron_3790vostro_3583_firmwareinspiron_15_5566latitude_3190_firmwareinspiron_5494xps_15_9500latitude_5500inspiron_15_5582inspiron_5508_firmwareprecision_7550_firmwarelatitude_3500_firmwarechengming_3991latitude_5288_firmwareinspiron_7501_firmwareinspiron_5480optiplex_7760_aio_firmwareg15_5510_firmwarevostro_7510_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwarevostro_7510inspiron_7791latitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590vostro_3501precision_3450_firmwareinspiron_7472_firmwarechengming_3990inspiron_5301vostro_3583latitude_5491_firmwarevostro_5880_firmwarexps_17_9710inspiron_3493precision_5750_firmwarelatitude_7214_firmwarexps_13_9365_firmwareoptiplex_3060optiplex_5060latitude_5285_2-in-1chengming_3988_firmwareinspiron_5482_firmwarelatitude_3410_firmwarelatitude_5520inspiron_7510vostro_5481wyse_5470_all-in-oneinspiron_7400_firmwareprecision_3530_firmwarelatitude_3320inspiron_5583_firmwarexps_13_9310_2-in-1_firmwarelatitude_5580_firmwarelatitude_3189inspiron_5410_2-in-1_firmwarexps_15_9575_2-in-1_firmwarevostro_3580precision_7750inspiron_7472latitude_5175inspiron_14_3467_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarelatitude_3320_firmwareinspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080vostro_3578_firmwareg15_5510vostro_7500_firmwarelatitude_5480inspiron_5310vostro_5510_firmwarevostro_5471_firmwareinspiron_14_3476_firmwareoptiplex_3046vostro_3468_firmwarelatitude_5414_rugged_firmwarelatitude_5424_rugged_firmwarelatitude_rugged_7330inspiron_15_5582_firmwarelatitude_7300_firmwarelatitude_5421latitude_9420_firmwarelatitude_5510g7_17_7700inspiron_5401_aio_firmwarevostro_5300_firmwarewyse_5470optiplex_5090_firmwarevostro_3501_firmwareinspiron_3593_firmwareoptiplex_7780_all-in-one_firmwarevostro_3710_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarexps_27_7760inspiron_7786_firmwarelatitude_3310_2-in-1_firmwareinspiron_15_5579latitude_5320latitude_7410inspiron_3590_firmwarelatitude_5501_firmwarexps_27_7760_firmwareoptiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411precision_7760optiplex_7450_firmwareinspiron_7306_2-in-1_firmwareoptiplex_7450vostro_3500_firmwareoptiplex_3050_aio_firmwareinspiron_15_3567_firmwareg3_3579_firmwarelatitude_7320_detachableinspiron_5509latitude_3480_firmwarelatitude_3189_firmwarelatitude_9520xps_13_9360_firmwarevostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_5498optiplex_7440_aio_firmwarelatitude_7420inspiron_7591_firmwarelatitude_5290inspiron_5300inspiron_7706_2-in-1inspiron_5508latitude_5289_firmwareprecision_5550_firmwarechengming_3980_firmwareinspiron_5491_2-in-1g7_7500_firmwarelatitude_3120_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwareinspiron_5590vostro_5481_firmwarevostro_5490inspiron_5301_firmwarevostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671inspiron_5408_firmwareinspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_3480latitude_7520_firmwarelatitude_3490precision_3930_rack_firmwarevostro_3710inspiron_3670latitude_5420inspiron_7300inspiron_3793_firmwareinspiron_5402_firmwareinspiron_7390precision_3430_tower_firmwareprecision_7560_firmwarelatitude_3300_firmwarevostro_5471latitude_7400_2-in-1precision_3640_towervostro_5510inspiron_3490vostro_5581latitude_7210_2-in-1_firmwarelatitude_rugged_5430_firmwarexps_13_9310latitude_5510_firmwarevostro_3510_firmwareinspiron_3670_firmwarevostro_15_7570inspiron_5410_firmwarelatitude_7212_rugged_extreme_tabletlatitude_e5570_firmwareinspiron_5408latitude_7220_rugged_extreme_tablet_firmwarevostro_5410_firmwarevostro_5502_firmwareprecision_3540_firmwareoptiplex_3046_firmwarelatitude_3380latitude_5289g3_3500_firmwareprecision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3080_firmwarelatitude_3410precision_5510_firmwarevostro_5402_firmwareprecision_3420_towerg5_15_5590optiplex_7490_all-in-one_firmwareinspiron_3881xps_13_9380latitude_7220ex_rugged_extreme_tabletlatitude_7414_rugged_extremeprecision_3420_tower_firmwarelatitude_5490_firmwarelatitude_5591_firmwareinspiron_3501latitude_5310_firmwarelatitude_3500vostro_3070inspiron_3793precision_3430_towerinspiron_5481_firmwarealienware_m15_r6precision_5520_firmwarevostro_3890_firmwareoptiplex_5490_aiochengming_3988xps_15_7590latitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareedge_gateway_3000_firmwareprecision_5540_firmwareinspiron_5401_firmwareinspiron_7573vostro_5501vostro_5590xps_8940_firmwarelatitude_7320_firmwarelatitude_3120vostro_3480precision_3560inspiron_5401_aiooptiplex_5260_all-in-one_firmwareinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedoptiplex_3070inspiron_13_7378_firmwareoptiplex_3040vostro_3910_firmwarelatitude_7290_firmwareprecision_7530inspiron_5370_firmwareinspiron_5391_firmwareinspiron_5502_firmwareoptiplex_7460xps_15_7590_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3490_firmwareinspiron_5409_firmwareprecision_3510xps_13_9380_firmwareinspiron_13_5379inspiron_5390latitude_5288latitude_7490optiplex_7060_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwareinspiron_5401optiplex_5250vostro_3667_firmwareprecision_7920_tower_firmwarevostro_5591_firmwarevostro_15_7570_firmwareCPG BIOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26865
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.07%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoveryDell OS Recovery Tool
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-26868
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.11% / 29.83%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_xpowerstore_tpowerstoreosPowerStore
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5385
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.32%
||
7 Day CHG~0.00%
Published-18 Aug, 2020 | 20:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-5343
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.44%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_image_for_microsoft_windows_10CPG SW
CWE ID-CWE-277
Insecure Inherited Permissions
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-5342
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.56%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 19:45
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (Cirrus)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-5361
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 21:15
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.

Action-Not Available
Vendor-Dell Inc.
Product-cpg_biosCPG BIOS
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2020-5384
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.56%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-multifactor_authentication_agentRSA Authentication Agent for Microsoft Windows
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2020-5376
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 13.54%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 20:55
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_7347_biosinspiron_7347CPG BIOS
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 14
  • 15
  • Next
Details not found