Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-26868

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-02 Jun, 2022 | 21:00
Updated At-17 Sep, 2024 | 04:25
Rejected At-
Credits

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:02 Jun, 2022 | 21:00
Updated At:17 Sep, 2024 | 04:25
Rejected At:
▼CVE Numbering Authority (CNA)

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerStore
Versions
Affected
  • From unspecified before PowerStore SW v2.1.1.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.16.4MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/000196367
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/000196367
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/000196367
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/000196367
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:02 Jun, 2022 | 21:15
Updated At:13 Jun, 2022 | 17:14

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.4MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Dell Inc.
dell
>>powerstoreos>>Versions from 2.0.0.0(inclusive) to 2.1.1.0(exclusive)
cpe:2.3:o:dell:powerstoreos:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>powerstore_t>>-
cpe:2.3:h:dell:powerstore_t:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>powerstore_x>>-
cpe:2.3:h:dell:powerstore_x:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondarysecurity_alert@emc.com
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/000196367security_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/000196367
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

646Records found
CVE-2023-32486
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.81%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:24
Updated-08 Oct, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2023-32460
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.05% / 13.23%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 05:37
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r7515poweredge_fc430poweredge_t140_firmwarepoweredge_t560_firmwarepoweredge_xr12poweredge_r7515_firmwarepoweredge_fc630poweredge_r760xa_firmwarepoweredge_xe7420poweredge_mx750c_firmwarepoweredge_r530poweredge_m640_\(pe_vrtx\)poweredge_m830_\(pe_vrtx\)emc_xc_core_xc650_firmwarenx3330emc_nx440_firmwarepoweredge_t630_firmwareemc_xc_core_xc940poweredge_r330dss_8440poweredge_xe7440_firmwarepoweredge_t130poweredge_xe9680poweredge_r430poweredge_r840_firmwarepoweredge_t150_firmwarepoweredge_r830poweredge_m630_\(pe_vrtx\)xc730_hyperconverged_appliancepoweredge_c6320poweredge_r350_firmwarepoweredge_r750_firmwarepoweredge_xr8610tpoweredge_r440poweredge_xr4510cpoweredge_c6615poweredge_m830poweredge_r340poweredge_fc640_firmwarepoweredge_c6320_firmwarepoweredge_r750xspoweredge_t640_firmwarepoweredge_r830_firmwarepoweredge_r740xd2poweredge_t550_firmwarepoweredge_xr7620_firmwarepoweredge_r240_firmwarepoweredge_fc830_firmwarenx3230poweredge_r730xdpoweredge_r230poweredge_t350poweredge_fc630_firmwareemc_xc_core_xc740xd2poweredge_r740poweredge_xr2xc_core_xc660_firmwarexc730xd_hyperconverged_appliancepoweredge_r230_firmwarepoweredge_r440_firmwarepoweredge_t150poweredge_r630_firmwarepoweredge_xe9680_firmwarepoweredge_r650xspoweredge_fc830xc430_hyperconverged_applianceemc_xc_core_xc740xd2_firmwarexc_core_xc760poweredge_r730xd_firmwarepoweredge_c6620_firmwareemc_storage_nx3240poweredge_mx840cemc_xc_core_xc740xd_firmwarepoweredge_mx740cpoweredge_r730poweredge_r7525poweredge_t130_firmwaredss_8440_firmwarepoweredge_r6615_firmwareemc_xc_core_xc750xa_firmwareemc_xc_core_xc640_firmwarepoweredge_fc430_firmwareemc_storage_nx3240_firmwarepoweredge_r540_firmwarepoweredge_r740xdpoweredge_r740_firmwarepoweredge_r6415nx430_firmwareemc_xc_core_xc750poweredge_r760xs_firmwarepoweredge_r740xd2_firmwarepoweredge_r940xaemc_xc_core_xc750xapoweredge_t330_firmwarepoweredge_r7625poweredge_r450_firmwarepoweredge_r640poweredge_r7425poweredge_r7615poweredge_r760xd2poweredge_r750xs_firmwarepoweredge_t440_firmwarepoweredge_r930_firmwarenx430poweredge_hs5620_firmwareemc_xc_core_xc6520poweredge_m830_firmwarepoweredge_r7615_firmwarepoweredge_r250poweredge_r6515_firmwarepoweredge_r240poweredge_hs5610_firmwarepoweredge_r430_firmwareemc_xc_core_xc6520_firmwarepoweredge_xr4510c_firmwarepoweredge_r730_firmwarepoweredge_xr8620t_firmwareemc_xc_core_6420_firmwareemc_xc_core_xc450_firmwarexc630_hyperconverged_appliancepoweredge_m640xc730xd_hyperconverged_appliance_firmwarepoweredge_xr8620tpoweredge_t630poweredge_r750poweredge_r650_firmwarepoweredge_m640_\(pe_vrtx\)_firmwarepoweredge_r930xc_core_xc760_firmwarexc6320_hyperconverged_appliance_firmwarepoweredge_xe8640poweredge_t640poweredge_c6520_firmwareemc_xc_core_xc940_firmwareemc_storage_nx3340_firmwarepoweredge_r550_firmwareemc_xc_core_xc750_firmwarexc6320_hyperconverged_appliancepoweredge_r760xd2_firmwarepoweredge_c4140_firmwarexc_core_xc660poweredge_r250_firmwarepoweredge_r760_firmwarepoweredge_r550poweredge_mx840c_firmwarepoweredge_r660_firmwarepoweredge_c6525_firmwarepoweredge_c6525emc_xc_core_xc650emc_xc_core_xc740xdpoweredge_r6625_firmwarepoweredge_r6415_firmwarepoweredge_m830_\(pe_vrtx\)_firmwarepoweredge_r330_firmwarepoweredge_m630xc730_hyperconverged_appliance_firmwarepoweredge_c6615_firmwareemc_xc_core_xc640poweredge_t430_firmwareemc_xc_core_6420poweredge_xe7420_firmwarepoweredge_c6420_firmwarepoweredge_r7415_firmwarepoweredge_fc640poweredge_xe2420_firmwarepoweredge_r7415poweredge_r660poweredge_c4140poweredge_r940_firmwareemc_xc_core_xcxr2_firmwarepoweredge_xr11_firmwarexc430_hyperconverged_appliance_firmwarepoweredge_r860poweredge_r650poweredge_r650xs_firmwarepoweredge_r740xd_firmwarepoweredge_xr11poweredge_t140poweredge_xr12_firmwarepoweredge_xr8610t_firmwarepoweredge_c6620poweredge_xr4520cpoweredge_r7625_firmwarepoweredge_r760xapoweredge_xe9640_firmwareemc_xc_core_xc7525_firmwarepoweredge_t560emc_xc_core_xcxr2poweredge_mx740c_firmwarepoweredge_xr7620poweredge_xr5610_firmwarepoweredge_r640_firmwarepoweredge_t440nx3330_firmwarepoweredge_xr4520c_firmwarepoweredge_r940xa_firmwarepoweredge_r630poweredge_c4130_firmwarepoweredge_r7525_firmwarepoweredge_t330nx440poweredge_mx760c_firmwarepoweredge_r660xspoweredge_r6525poweredge_xe8545_firmwarepoweredge_c4130poweredge_r6615poweredge_mx760cpoweredge_xe9640poweredge_xe8545emc_xc_core_xc7525poweredge_r940poweredge_r750xapoweredge_r540poweredge_t550poweredge_m640_firmwarepoweredge_r660xs_firmwarepoweredge_hs5620poweredge_t340_firmwarepoweredge_r340_firmwarepoweredge_t430poweredge_xr2_firmwarepoweredge_r6515poweredge_xe2420poweredge_r760poweredge_r530_firmwareemc_xc_core_xc450poweredge_r6525_firmwarepoweredge_mx750cpoweredge_c6420poweredge_xe7440poweredge_r960poweredge_m630_firmwarepoweredge_r350emc_storage_nx3340poweredge_xe8640_firmwarepoweredge_r750xa_firmwarepoweredge_r840poweredge_r960_firmwarepoweredge_r760xspoweredge_c6520poweredge_m630_\(pe_vrtx\)_firmwarepoweredge_t340poweredge_xr5610poweredge_r450poweredge_hs5610poweredge_t350_firmwarexc630_hyperconverged_appliance_firmwarepoweredge_r860_firmwarepoweredge_r6625nx3230_firmwarepoweredge_r7425_firmwarePowerEdge Platform
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-32451
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.91%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 07:46
Updated-07 Nov, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-32479
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.13%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:09
Updated-22 Aug, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowssecurity_management_serverencryptionendpoint_security_suite_enterpriseDell Security Management Server (Windows)Dell Endpoint Security Suite EnterpriseDell Encryptionsecurity_management_serverencryptionendpoint_security_suite_enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2023-32476
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 11.30%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 13:00
Updated-24 Oct, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-5343
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.45%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_image_for_microsoft_windows_10CPG SW
CWE ID-CWE-277
Insecure Inherited Permissions
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-28073
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.01% / 0.85%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:42
Updated-04 Dec, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5530precision_3570_firmwarelatitude_5530_firmwareprecision_3570CPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2023-28072
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.10%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 15:38
Updated-30 Sep, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-28070
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.56%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 08:05
Updated-30 Jan, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-284
Improper Access Control
CVE-2020-5384
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-multifactor_authentication_agentRSA Authentication Agent for Microsoft Windows
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2023-28066
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.01%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 15:40
Updated-08 Jan, 2025 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_toolDell OS Recovery Tool
CWE ID-CWE-284
Improper Access Control
CVE-2023-28051
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 07:20
Updated-10 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2023-28047
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.85%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 06:59
Updated-05 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CVE-2023-28079
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 10.41%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:20
Updated-10 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2016-8216
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.39% / 58.89%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 07:24
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_data_domain_osEMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10
CVE-2021-36343
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 20:10
Updated-16 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_15_7570_firmwarelatitude_5401optiplex_7770_all-in-oneinspiron_3470latitude_e7270inspiron_7300_firmwarelatitude_3520precision_3561_firmwareinspiron_5590_firmwarelatitude_12_7280_ultrabook_firmwarelatitude_5179latitude_7380_firmwareinspiron_5570inspiron_7490latitude_14_rugged_5414latitude_e5270alienware_15_r3_firmwarelatitude_9420inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080inspiron_5400_aioinspiron_5502latitude_5511dell_g7_7590_firmwareinspiron_7501inspiron_7300_2-in-1inspiron_7777_aioprecision_5530_2-in-1precision_5550inspiron_7580_firmwarealienware_m15_r1_firmwaredell_g5_5000_firmwarealienware_m17_r3_firmwarelatitude_5300latitude_3380_firmwareoptiplex_7760_aioprecision_5530_firmwareoptiplex_5040latitude_rugged_5420inspiron_13_7370_firmwareoptiplex_5050alienware_aurora_r11latitude_7320latitude_3470inspiron_15_gaming_7577latitude_7300optiplex_3050_aioprecision_3620_towerprecision_3431_toweroptiplex_3060_firmwareinspiron_5490_aio_firmwarelatitude_3420inspiron_3782latitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2latitude_13_7370_ultrabooklatitude_12_rugged_tablet_7212_firmwareprecision_5520inspiron_7490_firmwareinspiron_5409precision_5720_aiolatitude_7400latitude_5591optiplex_5270_all-in-one_firmwareinspiron_5477_aio_firmwaredell_g3_3579inspiron_3471inspiron_3511_firmwareinspiron_13_7000_firmwarelatitude_3390optiplex_5050_firmwareoptiplex_7071_firmwareinspiron_14_5410latitude_5175_firmwareinspiron_13_7370inspiron_7586optiplex_3040_firmwarelatitude_3400optiplex_5070dell_g15_5510_firmwarelatitude_3420_firmwareinspiron_13_5378_firmwareinspiron_5491_2-in-1_firmwareinspiron_3277_aio_firmwareoptiplex_3090_firmwareoptiplex_3240_all-in-oneinspiron_7506_2-in-1_firmwarelatitude_7320_detachable_firmwarelatitude_9410optiplex_7070latitude_3570dell_g7_7700_firmwareoptiplex_7080_firmwareinspiron_5491_aio_firmwareinspiron_15_5578_firmwarelatitude_5310latitude_rugged_7424_firmwarelatitude_3301inspiron_5594alienware_aurora_r8alienware_x15_r1precision_3450latitude_7480_firmwareinspiron_7777_aio_firmwareoptiplex_7090_uff_firmwarelatitude_e5470_firmwarechengming_3977latitude_3190inspiron_3510_firmwarelatitude_13_7390_2-in-1_firmwarealienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_rugged_7424latitude_5488latitude_5521latitude_7380optiplex_5480_all-in-one_firmwareprecision_3540alienware_aurora_r11_firmwareinspiron_7510_firmwareinspiron_3580_firmwarelatitude_7520inspiron_3781_firmwareinspiron_15_gaming_7577_firmwareinspiron_3510inspiron_3280_firmwarelatitude_3310latitude_7414_rugged_extreme_firmwarelatitude_5290_2-in-1inspiron_5482precision_7820_toweroptiplex_3090latitude_7290dell_g3_3500_firmwarealienware_area_51m_r1inspiron_5402inspiron_3582inspiron_7700_aiolatitude_7480inspiron_7391_firmwareinspiron_5593latitude_5420_firmwareprecision_3561inspiron_7580inspiron_3668inspiron_5770alienware_m17_r2_firmwarelatitude_3580precision_5820_tower_firmwareinspiron_3668_firmwareinspiron_3493_firmwarelatitude_3190_2-in-1_firmwareinspiron_5480_firmwareinspiron_3590latitude_7210_2-in-1inspiron_3472latitude_3551optiplex_xe3_firmwareinspiron_7590optiplex_7070_firmwareoptiplex_5270_all-in-oneoptiplex_xe3precision_5510latitude_3301_firmwareinspiron_3502latitude_5491latitude_9520_firmwareoptiplex_7040inspiron_7386alienware_aurora_r12latitude_5520_firmwareoptiplex_5480_all-in-oneinspiron_5591_2-in-1_firmwarelatitude_5400latitude_5410precision_3541optiplex_7050_firmwarelatitude_3379_firmwarelatitude_5401_firmwarealienware_m17_r3precision_5820_towerinspiron_3477_aio_firmwareinspiron_7380inspiron_7610latitude_7275_2-in-1_firmwaredell_g7_7588dell_g3_3779inspiron_5400_2-in-1dell_g7_7790_firmwareoptiplex_7770_all-in-one_firmwarelatitude_5400_firmwareinspiron_7610_firmwareinspiron_5400_2-in-1_firmwareinspiron_7391alienware_m17_r4optiplex_7460_all_in_one_firmwarelatitude_rugged_7220ex_firmwareprecision_3440optiplex_7470_all-in-oneoptiplex_5250_firmwareinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3576inspiron_3671_firmwareinspiron_7500_2-in-1_firmwareprecision_3550_firmwarelatitude_3310_firmwareinspiron_3781inspiron_3576_firmwareinspiron_5300_firmwareinspiron_3472_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareinspiron_7590_firmwareinspiron_7791_firmwaredell_g7_7588_firmwareoptiplex_5090_towerinspiron_15_3567alienware_m15_r2_firmwareprecision_7920_towerdell_g7_7500_firmwareinspiron_5570_firmwarelatitude_7400_2-in-1_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530inspiron_3582_firmwarelatitude_5411_firmwarelatitude_3510_firmwareinspiron_3470_firmwareinspiron_3593inspiron_5370inspiron_15_5518_firmwarelatitude_13_7370_ultrabook_firmwareinspiron_3481_firmwareprecision_5530latitude_7275_2-in-1dell_g15_5511latitude_7310_firmwareoptiplex_7440_aioinspiron_15_5579_firmwareinspiron_7306_2-in-1inspiron_3790_firmwarelatitude_9510optiplex_3280_all-in-oneinspiron_5770_firmwareinspiron_7586_firmwaredell_g7_7590latitude_3180_firmwarealienware_m17_r1_firmwareinspiron_3581_firmwareinspiron_17_7773latitude_9510_firmwareinspiron_5406_2-in-1optiplex_5490_aio_firmwaredell_g5_5090latitude_3490_firmwarelatitude_5300_2-in-1_firmwareoptiplex_7070_uffinspiron_3511inspiron_5410inspiron_13_7373_firmwarelatitude_5280latitude_5179_firmwareoptiplex_7780_all-in-oneinspiron_5490inspiron_15_5578inspiron_3501_firmwarelatitude_5300_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareprecision_3930_rackinspiron_5391inspiron_5598inspiron_3482dell_g3_3579_firmwarelatitude_5320_firmwareoptiplex_3080alienware_m17_r1latitude_3480precision_3240_cff_firmwareinspiron_3782_firmwareprecision_5750alienware_m15_r4latitude_rugged_5424_firmwareoptiplex_7460_all_in_oneinspiron_13_7373inspiron_7591inspiron_5477_aiolatitude_7310inspiron_14_5410_firmwareinspiron_7790latitude_5421_firmwareinspiron_7500inspiron_7790_firmwarealienware_13_r3latitude_3379optiplex_7480_all-in-onechengming_3990_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980inspiron_7700_aio_firmwareoptiplex_7060latitude_5290_firmwareinspiron_13_5379_firmwareoptiplex_7480_all-in-one_firmwareoptiplex_3240_all-in-one_firmwarelatitude_7390latitude_3390_firmwareinspiron_3462_firmwarealienware_aurora_r12_firmwarelatitude_3520_firmwareinspiron_5490_aiolatitude_5285_2-in-1_firmwarechengming_3991_firmwareprecision_3510_firmwareinspiron_7400inspiron_7500_2-in-1dell_g5_5590_firmwareoptiplex_7470_all-in-one_firmwarelatitude_e7470precision_3630_tower_firmwareoptiplex_5040_firmwareinspiron_3581inspiron_13_7378inspiron_15_5566_firmwarelatitude_5488_firmwarealienware_17_r5_firmwareinspiron_3480_aio_firmwareoptiplex_7090_uffinspiron_5583inspiron_7500_firmwareprecision_3541_firmwareinspiron_5591_2-in-1alienware_m15_r1inspiron_15_7572inspiron_7506_2-in-1dell_g7_7587_firmwareinspiron_3476_firmwareinspiron_3480_aioinspiron_5680latitude_7200_2-in-1latitude_5511_firmwareinspiron_15_7573_firmwareoptiplex_7040_firmwareinspiron_5493precision_3550inspiron_3891_firmwarelatitude_7420_firmwareoptiplex_5070_firmwareinspiron_5501alienware_15_r4inspiron_5390_firmwarelatitude_3310_2-in-1optiplex_5090_tower_firmwaredell_g7_7500dell_g3_3590_firmwarelatitude_5490alienware_m17_r2inspiron_7390_firmwareprecision_5720_aio_firmwarelatitude_3190_2-in-1optiplex_7071inspiron_3277_aioinspiron_3891inspiron_7786latitude_9410_firmwarelatitude_5310_2_in_1_firmwarelatitude_12_5289_2-in-1_firmwarelatitude_e7270_firmwarelatitude_5280_firmwarelatitude_3180inspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwaredell_g7_7790inspiron_3268latitude_12_rugged_extreme_7214_firmwarelatitude_5300_2-in-1latitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarelatitude_12_rugged_tablet_7212latitude_e7470_firmwareoptiplex_5260_all-in-onedell_g3_3500inspiron_3476optiplex_7090_tower_firmwareinspiron_5491_aioinspiron_13_5378inspiron_3780inspiron_7380_firmwareinspiron_3462latitude_7390_firmwaredell_g3_3590latitude_5500_firmwarelatitude_5410_firmwarelatitude_3400_firmwarelatitude_3510precision_3560_firmwareinspiron_3502_firmwareinspiron_5584precision_3520inspiron_17_7773_firmwarelatitude_e5570latitude_13_7389_2-in-1_firmwareinspiron_3880_firmwareinspiron_5310_firmwareinspiron_5501_firmwareoptiplex_3050precision_7820_tower_firmwareoptiplex_5080_firmwareinspiron_15_7570latitude_e5270_firmwareinspiron_5493_firmwarelatitude_rugged_5420_firmwareinspiron_3480_firmwarealienware_m15_r3optiplex_5060_firmwareinspiron_13_7000latitude_3470_firmwarealienware_m17_r4_firmwarealienware_x17_r1inspiron_3790latitude_rugged_5424inspiron_15_5566latitude_3190_firmwareinspiron_5494dell_g3_3779_firmwarelatitude_5500inspiron_15_5582inspiron_5508_firmwarelatitude_3500_firmwaredell_g15_5511_firmwarechengming_3991latitude_5288_firmwareinspiron_5400_aio_firmwareinspiron_5480inspiron_7501_firmwareoptiplex_7760_aio_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwareinspiron_7791latitude_5501latitude_7400_firmwarelatitude_3590precision_3450_firmwareinspiron_7472_firmwarechengming_3990inspiron_5301optiplex_7090_towerlatitude_5491_firmwareinspiron_3493precision_5750_firmwareoptiplex_3060optiplex_5060latitude_5285_2-in-1chengming_3988_firmwareinspiron_5482_firmwarelatitude_3410_firmwarelatitude_5520inspiron_7510inspiron_7400_firmwareoptiplex_7490_aio_firmwareprecision_3530_firmwarelatitude_3320inspiron_5583_firmwarelatitude_5580_firmwarelatitude_3189precision_3240_cffinspiron_7472latitude_5175inspiron_14_3467_firmwareembedded_box_pc_5000latitude_3320_firmwareinspiron_3580inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9inspiron_15_5518alienware_area_51m_r2_firmwarelatitude_13_7390_2-in-1alienware_m15_r4_firmwarelatitude_5480alienware_15_r3inspiron_5310latitude_14_rugged_5414_firmwareoptiplex_3046latitude_13_7389_2-in-1inspiron_15_5582_firmwarealienware_x15_r1_firmwarelatitude_7300_firmwarelatitude_5421latitude_9420_firmwarelatitude_5510inspiron_5401_aio_firmwareinspiron_3593_firmwareoptiplex_7780_all-in-one_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarealienware_x17_r1_firmwareinspiron_7786_firmwareprecision_3640_firmwarelatitude_3310_2-in-1_firmwareinspiron_15_5579latitude_5320inspiron_3477_aiolatitude_5310_2_in_1latitude_7410inspiron_3590_firmwarelatitude_5501_firmwareoptiplex_3280_all-in-one_firmwarelatitude_5411latitude_12_rugged_extreme_7214optiplex_7450_firmwareinspiron_7306_2-in-1_firmwareoptiplex_7450optiplex_3050_aio_firmwaredell_g5_5090_firmwaredell_g7_7587inspiron_15_3567_firmwareinspiron_5509latitude_3480_firmwarelatitude_3189_firmwarelatitude_7320_detachablelatitude_9520alienware_17_r5inspiron_15_3573_firmwareinspiron_5406_2-in-1_firmwareinspiron_5498optiplex_7440_aio_firmwarelatitude_7420inspiron_7591_firmwarelatitude_5290inspiron_5300inspiron_7706_2-in-1inspiron_5508precision_5550_firmwarechengming_3980_firmwareinspiron_5491_2-in-1latitude_3120_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwareinspiron_5590inspiron_5301_firmwareinspiron_14_3467inspiron_3671inspiron_5408_firmwareinspiron_5498_firmwareprecision_5540alienware_17_r4inspiron_15_3573inspiron_14_3473inspiron_3480latitude_7520_firmwarelatitude_3490precision_3930_rack_firmwaredell_g5_5590inspiron_3670latitude_5420inspiron_7300inspiron_3793_firmwareinspiron_5402_firmwareinspiron_7390latitude_12_7280_ultrabookprecision_3430_tower_firmwarelatitude_3300_firmwarealienware_15_r4_firmwarelatitude_7400_2-in-1inspiron_3490latitude_7210_2-in-1_firmwarelatitude_5510_firmwareinspiron_3670_firmwareoptiplex_7490_aioinspiron_5410_firmwarelatitude_e5570_firmwareinspiron_5408precision_3540_firmwareoptiplex_3046_firmwareinspiron_3482_firmwarelatitude_12_7285_firmwarelatitude_3380dell_g5_5500precision_3431_tower_firmwaredell_g7_7700optiplex_3080_firmwarelatitude_3410precision_5510_firmwarelatitude_rugged_7220precision_3420_towerinspiron_3881latitude_7414_rugged_extremeprecision_3420_tower_firmwarealienware_area_51m_r2dell_g5_5000latitude_5490_firmwarelatitude_5591_firmwareinspiron_3501alienware_13_r3_firmwarelatitude_3500latitude_5310_firmwareinspiron_3793precision_3430_towerinspiron_5481_firmwareprecision_5520_firmwareoptiplex_5490_aiochengming_3988latitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareprecision_5540_firmwareinspiron_5401_firmwaredell_g5_5500_firmwareinspiron_3268_firmwarelatitude_7320_firmwarelatitude_12_7285latitude_3120latitude_12_5289_2-in-1latitude_rugged_7220_firmwareprecision_3560inspiron_5401_aioprecision_3640alienware_17_r4_firmwareoptiplex_5260_all-in-one_firmwarelatitude_rugged_7220exinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_5598_firmwarealienware_aurora_r9_firmwareoptiplex_3070inspiron_13_7378_firmwareinspiron_3280optiplex_3040latitude_7290_firmwareinspiron_5370_firmwarelatitude_3551_firmwarechengming_3977_firmwareinspiron_5391_firmwareinspiron_5502_firmwareembedded_box_pc_5000_firmwareinspiron_15_7573optiplex_7050inspiron_3490_firmwareinspiron_5409_firmwareprecision_3510inspiron_13_5379inspiron_5390latitude_5288latitude_7490optiplex_7060_firmwareoptiplex_7070_uff_firmwarelatitude_5521_firmwareinspiron_5401inspiron_14_3473_firmwareoptiplex_5250precision_7920_tower_firmwaredell_g15_5510CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25543
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.91%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 06:31
Updated-02 Aug, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-36290
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.11% / 30.44%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-25537
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 8.12%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 10:48
Updated-21 Jan, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

Action-Not Available
Vendor-Dell Inc.
Product-emc_xc_core_6420_firmwareemc_xc_core_xcxr2poweredge_r440_firmwarepoweredge_m640poweredge_mx740c_firmwarepoweredge_xe7420poweredge_r640_firmwarepoweredge_t440emc_xc_core_xc740xd2_firmwarepoweredge_r940xa_firmwareemc_xc_core_xc940emc_storage_nx3240poweredge_mx840cdss_8440poweredge_t640poweredge_mx740cpoweredge_xe7440_firmwareemc_xc_core_xc740xd_firmwareemc_xc_core_xc940_firmwareemc_storage_nx3340_firmwaredss_8440_firmwareemc_xc_core_xc640_firmwarepoweredge_r840_firmwarepoweredge_c4140_firmwarepoweredge_r940poweredge_r540emc_storage_nx3240_firmwarepoweredge_m640_firmwarepoweredge_mx840c_firmwarepoweredge_r540_firmwarepoweredge_r740xdpoweredge_r740_firmwarepoweredge_r440poweredge_r740xd2_firmwareemc_xc_core_xc740xdpoweredge_xr2_firmwarepoweredge_xe2420poweredge_r940xapoweredge_xe7440poweredge_c6420poweredge_fc640_firmwareemc_xc_core_xc640emc_storage_nx3340emc_xc_core_6420poweredge_r640poweredge_t640_firmwarepoweredge_c6420_firmwarepoweredge_r740xd2poweredge_r840poweredge_xe7420_firmwarepoweredge_fc640poweredge_xe2420_firmwarepoweredge_c4140poweredge_r940_firmwarepoweredge_t440_firmwareemc_xc_core_xcxr2_firmwarepoweredge_r740xd_firmwareemc_xc_core_xc740xd2poweredge_r740poweredge_xr2PowerEdge Platform
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25542
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 10.80%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 06:17
Updated-10 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-trusted_device_agent Dell Trusted Device Client
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25941
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:22
Updated-11 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-24569
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.58%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 12:57
Updated-24 Mar, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-24575
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.90%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 04:03
Updated-12 Mar, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system

Action-Not Available
Vendor-Dell Inc.
Product-multifunction_printer_e525w_driver_and_software_suiteDell Multifunction Printer E525w Driver and Software Suite
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2024-33225
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.71%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 15:15
Updated-13 Feb, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

Action-Not Available
Vendor-n/aDell Inc.
Product-n/arealtek_high_definition_audio_driver
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-15778
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 22:00
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2019-019: Dell Networking OS10 OS Command Injection Vulnerability

Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Dell Networking OS10
CWE ID-CWE-20
Improper Input Validation
CVE-2018-15782
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.7||HIGH
EPSS-0.04% / 8.85%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 20:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-authentication_managerRSA Authentication Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-23696
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.08% / 24.10%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 09:49
Updated-25 Mar, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_intel_vpro_out_of_bandDell Command Intel vPro Out of Band (DCIV)
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-22572
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.42%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 12:54
Updated-26 Mar, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-22576
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.02% / 2.89%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 09:44
Updated-23 Aug, 2024 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM)repository_manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-28961
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 16.99%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 08:25
Updated-03 Feb, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterpriseDell OpenManage Enterpriseopenmanage_enterprise
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-28068
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.31%
||
7 Day CHG~0.00%
Published-05 May, 2023 | 06:41
Updated-29 Jan, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_monitorDell Command Monitor (DCM)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-5316
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.43%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:00
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-5342
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.57%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 19:45
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (Cirrus)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-45099
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.01%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 05:03
Updated-26 Mar, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-22450
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.09% / 25.58%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 07:08
Updated-31 Jan, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)alienware_command_center
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-22452
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.10% / 28.66%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 13:08
Updated-31 Jan, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-display_and_peripheral_managerDell Display and Peripheral Manager display_manager
CWE ID-CWE-264
Not Available
CVE-2020-29489
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.47%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-53289
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.77%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:40
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-thinosWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-34459
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.10%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 04:28
Updated-27 Mar, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-34462
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.78%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 06:51
Updated-20 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges.

Action-Not Available
Vendor-Dell Inc.
Product-policy_manager_for_secure_connect_gatewaySecure Connect Gateway (SCG) Policy Manager
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-34443
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.90%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 04:19
Updated-27 Mar, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-rugged_control_centerRugged Control Center (RCC)
CWE ID-CWE-20
Improper Input Validation
CVE-2022-34373
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.09% / 25.96%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 20:05
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_integration_suite_for_system_centerCPG SW
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34457
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.07%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 11:38
Updated-03 Apr, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-34387
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 7.10%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:15
Updated-26 Mar, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-34396
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 9.49%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 05:24
Updated-26 Mar, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorOpenManage Server Administrator (OMSA)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-34390
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 5.60%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-12 May, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_area-51_r4_firmwarealienware_area-51_r5_firmwarealienware_area-51_r5alienware_area-51_r4CPG BIOS
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2022-33921
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.12% / 31.44%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-15 May, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.

Action-Not Available
Vendor-Dell Inc.
Product-geodriveGeoDrive
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-34384
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.07%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:03
Updated-26 Mar, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcscommand_updatesupportassist_for_home_pcsupdatealienware_updateSupportAssist Client Consumer
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-33919
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-15 May, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-geodriveGeoDrive
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34391
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.30%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-16 May, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_area-51_r4_firmwarealienware_area-51_r5_firmwarealienware_area-51_r5alienware_area-51_r4CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found