ByteOS

Matching Score-10

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.50%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 04:19

Updated-27 Mar, 2025 | 14:11

Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges.

Vendor-Dell Inc.

Product-rugged_control_center Rugged Control Center (RCC)

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32488

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:38

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32487

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 17:48

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32485

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-16 May, 2025 | 13:45

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-26864

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 10.78%

||

7 Day CHG~0.00%

Published-23 Jun, 2022 | 17:55

Updated-16 Sep, 2024 | 20:11

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-26862

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 10.78%

||

7 Day CHG~0.00%

Published-23 Jun, 2022 | 17:55

Updated-16 Sep, 2024 | 17:49

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2020-26193

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.13% / 32.72%

||

7 Day CHG~0.00%

Published-09 Feb, 2021 | 21:25

Updated-16 Sep, 2024 | 21:57

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-32860

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 13.51%

||

7 Day CHG~0.00%

Published-13 Jun, 2024 | 13:00

Updated-16 Aug, 2024 | 16:46

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-32859

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 13.51%

||

7 Day CHG~0.00%

Published-13 Jun, 2024 | 12:39

Updated-19 Sep, 2024 | 16:24

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-32858

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 13.51%

||

7 Day CHG~0.00%

Published-13 Jun, 2024 | 12:48

Updated-24 Sep, 2024 | 17:45

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-28976

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.06% / 18.56%

||

7 Day CHG~0.00%

Published-24 Apr, 2024 | 08:01

Updated-21 Jan, 2025 | 18:50

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application.

Vendor-Dell Inc.

Product-repository_manager Dell Repository Manager (DRM) repository_manager

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-24569

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.50%

||

7 Day CHG~0.00%

Published-10 Feb, 2023 | 12:57

Updated-24 Mar, 2025 | 18:37

Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.

Vendor-Dell Inc.

Product-alienware_command_center Alienware Command Center (AWCC)

CWE ID-CWE-20

Improper Input Validation

CVE-2022-26863

Matching Score-10

Assigner-Dell

Matching Score-10

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 10.78%

||

7 Day CHG~0.00%

Published-23 Jun, 2022 | 17:55

Updated-16 Sep, 2024 | 20:48

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2025-30099

Matching Score-8

Assigner-Dell

Product-data_domain_operating_system PowerProtect Data Domain Feature Release PowerProtect Data Domain LTS2024 PowerProtect Data Domain LTS 2023

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.03% / 9.43%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 14:47

Updated-26 Feb, 2026 | 17:49

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Vendor-Dell Inc.

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-27689

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.06% / 18.28%

||

7 Day CHG~0.00%

Published-12 Jun, 2025 | 20:36

Updated-26 Feb, 2026 | 17:50

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor-Dell Inc.

Product-idrac_tools iDRAC Tools

CWE ID-CWE-284

Improper Access Control

CVE-2022-46756

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.07% / 20.12%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 05:37

Updated-27 Mar, 2025 | 13:25

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Vendor-Dell Inc.

Product-vxrail_manager VxRail HCI

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2025-26331

Matching Score-8

Assigner-Dell

Product-latitude_3420 optiplex_3000_thin_client latitude_5440 wyse_5470_all-in-one_thin_client optiplex_7420_all-in-one latitude_5450 latitude_3440 optiplex_5400_all-in-one optiplex_7410_all-in-one wyse_5070_thin_client thinos wyse_5470_mobile_thin_client Wyse Proprietary OS (Modern ThinOS)

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.19% / 41.40%

||

7 Day CHG+0.15%

Published-07 Mar, 2025 | 08:06

Updated-26 Feb, 2026 | 19:09

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Vendor-Dell Inc.

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2022-45099

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.22%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 05:03

Updated-26 Mar, 2025 | 20:20

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise

Vendor-Dell Inc.

CWE ID-CWE-261

Weak Encoding for Password

CWE ID-CWE-276

Incorrect Default Permissions

CVE-2025-24377

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.69%

||

7 Day CHG~0.00%

Published-28 Mar, 2025 | 02:16

Updated-26 Feb, 2026 | 19:09

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Vendor-Dell Inc.

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-24379

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.74%

||

7 Day CHG~0.00%

Published-28 Mar, 2025 | 02:09

Updated-26 Feb, 2026 | 19:09

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Vendor-Dell Inc.

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-24378

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.74%

||

7 Day CHG~0.00%

Published-28 Mar, 2025 | 02:12

Updated-26 Feb, 2026 | 19:09

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Vendor-Dell Inc.

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-24386

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.74%

||

7 Day CHG~0.00%

Published-28 Mar, 2025 | 02:19

Updated-26 Feb, 2026 | 19:08

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Vendor-Dell Inc.

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-48670

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 11.94%

||

7 Day CHG~0.00%

Published-22 Dec, 2023 | 15:57

Updated-25 Feb, 2026 | 16:34

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.

Vendor-Dell Inc.

Product-supportassist_for_home_pcs SupportAssist Client Consumer

CWE ID-CWE-426

Untrusted Search Path

CVE-2024-53289

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.08% / 22.91%

||

7 Day CHG~0.00%

Published-11 Dec, 2024 | 07:40

Updated-04 Feb, 2025 | 16:13

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Vendor-Dell Inc.

Product-thinos Wyse Proprietary OS (Modern ThinOS)

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2023-44283

Matching Score-8

Assigner-Dell

Product-supportassist_for_business_pcs supportassist_for_home_pcs SupportAssist for Home PCs SupportAssist for Business PCs supportassist_for_business_pcs supportassist_for_home_pcs

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.80%

||

7 Day CHG~0.00%

Published-14 Feb, 2024 | 07:49

Updated-17 Oct, 2024 | 14:29

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

Vendor-Dell Inc.

CWE ID-CWE-284

Improper Access Control

CVE-2025-23375

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.06% / 18.28%

||

7 Day CHG~0.00%

Published-28 Apr, 2025 | 14:28

Updated-26 Feb, 2026 | 18:28

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor-Dell Inc.

Product-powerprotect_data_manager PowerProtect Data Manager

CWE ID-CWE-648

Incorrect Use of Privileged APIs

CVE-2025-22399

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.9||HIGH

EPSS-0.06% / 17.16%

||

7 Day CHG~0.00%

Published-11 Feb, 2025 | 16:24

Updated-06 Dec, 2025 | 00:48

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery

Vendor-Dell Inc.

Product-utility_configuration_collector_edge UCC Edge

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2021-21503

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.12% / 30.64%

||

7 Day CHG~0.00%

Published-08 Mar, 2021 | 21:44

Updated-17 Sep, 2024 | 03:43

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.

Vendor-Dell Inc.

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21531

Matching Score-8

Assigner-Dell

Product-unisphere_for_powermax_virtual_appliance unisphere_for_powermax solutions_enabler_virtual_appliance powermax_os solutions_enabler Unisphere for PowerMax

Matching Score-8

Assigner-Dell

CVSS Score-8.1||HIGH

EPSS-0.14% / 34.84%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 21:10

Updated-17 Sep, 2024 | 03:48

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Vendor-Dell Inc.

CWE ID-CWE-602

Client-Side Enforcement of Server-Side Security

CWE ID-CWE-669

Incorrect Resource Transfer Between Spheres

CVE-2021-21551

Matching Score-8

Assigner-Dell

Product-xps_13_9370 latitude_7210_2_in_1 wyse_5470 inspiron_7391_2-in-1 precision_7540 latitude_5280_mobile_thin_client optiplex_7460_all-in-one vostro_5300 inspiron_3493 inspiron_7386 latitude_5310 latitude_3301 precision_3541 vostro_14_5468 xps_9530 precision_3530 inspiron_5348 optiplex_5260_all-in-one inspiron_3847 inspiron_7786 vostro_3480 inspiron_3647 inspiron_5770 inspiron_5480 latitude_e7270_mobile_thin_client wyse_5070 vostro_3501 inspiron_14-5459 inspiron_5300 optiplex_7450_all-in-one latitude_12_rugged_tablet_7212 vostro_5880 inspiron_3442 optiplex_3080 precision_t1700 latitude_rugged_5424 vostro_5391 latitude_e6430_atg latitude_3300 optiplex_3090_ultra latitude_5401 latitude_7400_2in1 vostro_3580 chengming_3991 latitude_5420 inspiron_14-3452 latitude_5500 precision_t3610 latitude_5410 inspiron_one_2020 vostro_1450 latitude_5300 inspiron_3168 vostro_14_5471 inspiron_660 vostro_3591 latitude_5280 optiplex_390 precision_7530 inspiron_17_5767 optiplex_5050 inspiron_3580 inspiron_7586 latitude_5590 latitude_3550 latitude_3390 optiplex_5040 precision_3930_rack g7_7500 cheng_ming_3967 inspiron_7490 latitude_7285 latitude_e7270 latitude_e7450 optiplex_5480_aio precision_5820_tower inspiron_17-5759 precision_7740 latitude_e6440 inspiron_1545 latitude_7389 vostro_3900 inspiron_3671 latitude_3560 inspiron_5402 latitude_e7440 alienware_m17xr4 vostro_3491 vostro_5502 latitude_3490 inspiron_5494 vostro_3668 latitude_5288 inspiron_5323 inspiron_3881 inspiron_3490 optiplex_3050_aio inspiron_15z precision_m6600 canvas_27 vostro_7500 latitude_e6330 chengming_3988 g7_7590 inspiron_5521 latitude_14_rugged_5414 optiplex_5250_all-in-one optiplex_7480_aio vostro_5490 vostro_5090 latitude_3480 inspiron_5485_2-in-1 vostro_20_3055 inspiron_7737 latitude_7420 vostro_3471 precision_7920_tower inspiron_5408 latitude_3570 xps_8940 inspiron_3581 precision_5540 latitude_e5570 vostro_3660 xps_15_9500 latitude_12_rugged_extreme_7214 vostro_5491 latitude_5520 vostro_3890 precision_m4700 xps_13_9300 inspiron_3043 xps_9550 vostro_5410 g5_5500 inspiron_15_5566 inspiron_14_7460 inspiron_7300 gaming_g3_3590 latitude_3120 inspiron_5400_2-in-1 precision_t7500 alienware_asm100 precision_7710 vostro_3401 inspiron_7520 alienware_17_51m_r2 inspiron_3481 vostro_3681 precision_3620_tower inspiron_1210 thunderbolt_dock_tb18dc latitude_xt3 latitude_5550 precision_7550 alienware_m14xr2 inspiron_2330 latitude_14_rugged_extreme_7404 thunderbolt_dock_tb16 latitude_5289 inspiron_5576 xps_15_9575_2-in-1 vostro_5480 inspiron_3157 inspiron_3471 g5_5000 inspiron_5590 latitude_3189 inspiron_11-3162 alienware_m15_r4 inspiron_3268 inspiron_15_5567 inspiron_5443 latitude_14_rugged_extreme_7414 xps_13_9310 xps_13_9365_2-in-1 g5_5090 latitude_e5540 optiplex_5060 inspiron_3880 optiplex_xe2 inspiron_7501 latitude_5290 latitude_3400 precision_3430_xl inspiron_7591_2-in-1 precision_m4600 xps_one_2710 inspiron_5520 inspiron_3593 optiplex_3070 latitude_e5440 vostro_3500 optiplex_3240_all-in-one latitude_5175 vostro_3470 vostro_5481 inspiron_3543 latitude_e6320 xps_13_9343 inspiron_7472 precision_17_m5750 inspiron_14_gaming_7466 latitude_3190_2-in-1 latitude_e7250 vostro_3888 inspiron_15_7572 inspiron_7500_2-in-1_black vostro_230 inspiron_7359 inspiron_3668 precision_t5610 vostro_5501 latitude_e5430 precision_3550 wyse_7040_thin_client latitude_7290 optiplex_7071 vostro_3400 chengming_3977 inspiron_5570 optiplex_9010 vostro_3901 inspiron_3790 inspiron_7368 vostro_5581 inspiron_13_5370 latitude_3480_mobile_thin_client latitude_7390 inspiron_7537 optiplex_9030_aio inspiron_5491_2-in-1 inspiron_7300_2-in-1 vostro_3252 vostro_5390 latitude_rugged_extreme_7424 g15_5510 inspiron_1564 optiplex_5055_a-serial precision_3431_tower precision_t7810 vostro_3010 vostro_3267 latitude_e5420 inspiron_5676 inspiron_7558 latitude_rugged_extreme_tablet_7220 latitude_3190 xps_17_9700 inspiron_5584 optiplex_7760_aio latitude_e6540 inspiron_7500 optiplex_3046 xps_7590 dock_wd19 precision_3520 optiplex_7040 precision_5510 inspiron_7706_2-in-1 latitude_5300_2-in-1 precision_3440 vostro_3583 inspiron_5598 precision_t5600 optiplex_xe3 inspiron_7791 optiplex_fx130 precision_t5500 xps_13_9360 inspiron_5548 latitude_5285 inspiron_5749 vostro_13_5370 precision_t3600 latitude_5511 vostro_15_3561 g3_3500 precision_3630_tower vostro_5401 alienware_14 latitude_5285_2-in-1 latitude_5480 precision_3640 vostro_2521 inspiron_660s latitude_7310 inspiron_5498 latitude_5400 inspiron_7580 g5_5587 inspiron_one_19 precision_5530 latitude_7490 optiplex_7770_aio inspiron_5481_2-in-1 inspiron_5482 latitude_3410 optiplex_9020 xps_9350 vostro_3800 inspiron_5591_2-in-1 latitude_e5270 g3_3579 latitude_e6230 inspiron_3781 inspiron_20-3052 precision_7820_tower vostro_15_7570 vostro_20_3052 inspiron_5583 optiplex_7050 precision_t7610 latitude_3460_wyse_tc latitude_5250 inspiron_7548 vostro_3581 latitude_9510 latitude_rugged_5420 optiplex_7090_ultra latitude_3590 inspiron_3252 precision_r5500 inspiron_7591 precision_3420_tower g7_7790 embedded_box_pc_5000 vostro_5591 vostro_5590 optiplex_5055_ryzen_cpu inspiron_15_gaming_7577 inspiron_7790 vostro_3481 inspiron_24-3452 precision_7720 inspiron_24-3455 inspiron_3646 inspiron_3670 inspiron_15_gaming_7567 optiplex_7070_ultra precision_7510 inspiron_3780 xps_15_9570 vostro_3690 inspiron_14_5468 optiplex_5055_ryzen_apu latitude_e7470 latitude_3150 alienware_m18xr2 precision_3240_cff inspiron_3584 optiplex_7080 vostro_270 precision_t5810 xps_15_9560 optiplex_5055 vostro_3584 inspiron_1122 inspiron_7306_2-in-1 dock_wd15 inspiron_7391 optiplex_7020 inspiron_5490_aio vostro_3905 inspiron_5409 inspiron_15-5559 optiplex_5080 inspiron_5401 precision_5520 precision_m6700 inspiron_3520 latitude_5490 precision_3510 precision_5530_2-in-1 xps_8900 xps_13_9310_2-in-1 precision_t7910 latitude_3500 vostro_3490 precision_7520 optiplex_3020 precision_3560 inspiron_5423 optiplex_3030_aio vostro_1550 vostro_3671 xps_12_9250 inspiron_7590_2-in-1 inspiron_7746 latitude_12_7285 inspiron_5448 vostro_15_5568 latitude_e5470 optiplex_790 precision_3540 latitude_7275 optiplex_7010 latitude_3580 precision_t3500 inspiron_15_gaming_7566 optiplex_990 precision_3430_tower chengming_3980 latitude_rugged_7424 vostro_220s latitude_3470 vostro_5301 latitude_5310_2-in-1 vostro_3070 inspiron_5501 latitude_5200 xps_13_7390_2-in-1 xps_27_7760 latitude_3310_2-in-1 inspiron_5491_aio latitude_7480 inspiron_5400_aio inspiron_5493 inspiron_7437 optiplex_fx170 alienware_asm100r2 latitude_7410 xps_13_9380 inspiron_15-3552 inspiron_3443 inspiron_5509 latitude_5320 precision_5820_xl_tower optiplex_3040 inspiron_3470 latitude_7520 inspiron_5406_2-in-1 optiplex latitude_3380 g7_7700 inspiron_3793 inspiron_5301 inspiron_3891 vostro_3902 inspiron_15-5565 vostro_3900g inspiron_3437 inspiron_5490 inspiron_3583 latitude_9410 latitude_3340 optiplex_7070 inspiron_3542 inspiron_620 inspiron_5391 latitude_e6220 chengming_3990 vostro_15_7580 latitude_3350 precision_5550 inspiron_3421 vostro_3560 inspiron_7380 latitude_5290_2-in-1 latitude_7400 precision_7730 vostro_5890 g3_3779 latitude_7350 inspiron_3048 inspiron_3655 inspiron_3501 inspiron_5537 latitude_3180 latitude_7200_2-in-1 vostro_3669 vostro_3670 vostro_3881 inspiron_3480 latitude_e5530 wyse_5470_all-in-one inspiron_5577 precision_7820_xl_tower inspiron_580s optiplex_7060 latitude_3450 alienware_area_51 latitude_5495 latitude_5488 inspiron_15_7560 inspiron_3521 optiplex_7440_aio inspiron_5390 inspiron_3537 inspiron_5594 vostro_14-5459 inspiron_7506_2-in-1 latitude_3160 inspiron_3656 optiplex_3050 latitude_5501 inspiron_5508 latitude_5580 vostro_260 xps_13_9305 inspiron_7590 xps_13_7390 optiplex_3280_aio inspiron_24-5475 latitude_7370 precision_7920_xl_tower optiplex_5070 optiplex_5270_aio latitude_5450 latitude_5179 optiplex_3011_aio latitude_5510 inspiron_7559 latitude_7390_2-in-1 optiplex_3010 precision_7750 vostro_7590 precision_5720_aio vostro_14_3458 inspiron_14_gaming_7467 latitude_7280 latitude_e6530 vostro_3667 optiplex_3060 inspiron_7720 latitude_3510 vostro_270s inspiron_3147 g5_5590 latitude_3460 inspiron_3590 g7_7588 latitude_3310 latitude_rugged_extreme_tablet_7220ex latitude_7380 vostro_14-3446 vostro_3590 inspiron_5737 inspiron_5580 inspiron_5593 latitude_5411 precision_3930_xl_rack latitude_3330 latitude_e7240 latitude_3440 optiplex_780 inspiron_5543 chengming_3967 inspiron_7700 optiplex_7780_aio vostro_3268 inspiron_7500_2-in-1_silver inspiron_7390 latitude_5491 inspiron_15_5582_2-in-1 vostro_470 vostro_5402 inspiron_7400 latitude_7300 latitude_5591 precision_3551 xps_8700 latitude_7320 precision_t7600 latitude_e7270_wyse_tc dbutil inspiron_5502 latitude_e6430 dbutil dbutil Driver

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-66.91% / 98.56%

||

7 Day CHG-2.73%

Published-04 May, 2021 | 15:15

Updated-28 Oct, 2025 | 14:05

Known KEV||Action Due Date - 2022-04-21||Apply updates per vendor instructions.

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Vendor-Dell Inc.

CWE ID-CWE-782

Exposed IOCTL with Insufficient Access Control

CVE-2021-21545

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.84%

||

7 Day CHG~0.00%

Published-12 Apr, 2021 | 19:50

Updated-16 Sep, 2024 | 17:44

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.

Vendor-Dell Inc.

Product-peripheral_manager Dell Peripheral Manager

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2025-22480

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7||HIGH

EPSS-0.07% / 20.12%

||

7 Day CHG~0.00%

Published-13 Feb, 2025 | 16:04

Updated-24 Sep, 2025 | 14:45

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.

Vendor-Dell Inc.

Product-supportassist_os_recovery Dell SupportAssist OS Recovery

CWE ID-CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE ID-CWE-61

UNIX Symbolic Link (Symlink) Following

CVE-2021-21601

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.04% / 11.35%

||

7 Day CHG~0.00%

Published-10 Aug, 2021 | 19:05

Updated-17 Sep, 2024 | 03:02

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Vendor-Dell Inc.

Product-emc_integrated_data_protection_appliance emc_data_protection_search Data Protection Search

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-21567

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.04%

||

7 Day CHG~0.00%

Published-10 Aug, 2021 | 19:05

Updated-16 Sep, 2024 | 22:56

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CWE ID-CWE-269

Improper Privilege Management

CVE-2021-21546

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.80%

||

7 Day CHG~0.00%

Published-29 Jul, 2021 | 15:55

Updated-16 Sep, 2024 | 23:56

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

Vendor-Dell Inc.

Product-emc_networker NetWorker

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-21535

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.4||HIGH

EPSS-0.03% / 9.84%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 17:40

Updated-16 Sep, 2024 | 23:35

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Vendor-Dell Inc.

Product-hybrid_client Dell Hybrid Client (DHC)

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2021-21518

Matching Score-8

Assigner-Dell

Product-supportassist_for_business_pcs supportassist_for_home_pcs supportassist_client_promanage Dell SupportAssist Client

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 10.84%

||

7 Day CHG~0.00%

Published-12 Mar, 2021 | 20:10

Updated-16 Sep, 2024 | 19:31

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Vendor-Dell Inc.

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2021-21522

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.04% / 13.08%

||

7 Day CHG~0.00%

Published-28 Sep, 2021 | 19:20

Updated-17 Sep, 2024 | 03:23

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

Vendor-Dell Inc.

CWE ID-CWE-255

Not Available

CVE-2021-21561

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.59%

||

7 Day CHG~0.00%

Published-23 Nov, 2021 | 20:00

Updated-16 Sep, 2024 | 19:20

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

Vendor-Dell Inc.

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2023-39259

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 13.68%

||

7 Day CHG~0.00%

Published-16 Nov, 2023 | 09:02

Updated-12 Aug, 2024 | 14:12

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

Vendor-Dell Inc.

Product-os_recovery_tool Dell OS Recovery Tool

CWE ID-CWE-284

Improper Access Control

CVE-2023-39257

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.03% / 8.76%

||

7 Day CHG~0.00%

Published-02 Dec, 2023 | 04:22

Updated-02 Aug, 2024 | 18:02

Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.

Vendor-Dell Inc.

Product-rugged_control_center Rugged Control Center (RCC)

CWE ID-CWE-284

Improper Access Control

CVE-2025-22395

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.09% / 26.25%

||

7 Day CHG~0.00%

Published-07 Jan, 2025 | 02:52

Updated-04 Feb, 2025 | 15:49

Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.

Vendor-Dell Inc.

Product-update_package_framework Dell Update Package (DUP) Framework

CWE ID-CWE-280

Improper Handling of Insufficient Permissions or Privileges

CVE-2022-33920

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.63%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:34

Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.

Vendor-Dell Inc.

Product-geodrive GeoDrive

CWE ID-CWE-428

Unquoted Search Path or Element

CVE-2022-34396

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7||HIGH

EPSS-0.06% / 17.57%

||

7 Day CHG~0.00%

Published-01 Feb, 2023 | 05:24

Updated-26 Mar, 2025 | 18:54

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

Vendor-Dell Inc.

Product-openmanage_server_administrator OpenManage Server Administrator (OMSA)

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2022-34384

Matching Score-8

Assigner-Dell

Product-supportassist_for_business_pcs command_update supportassist_for_home_pcs update alienware_update SupportAssist Client Consumer

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.08% / 24.49%

||

7 Day CHG~0.00%

Published-10 Feb, 2023 | 20:03

Updated-26 Mar, 2025 | 15:44

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.

Vendor-Dell Inc.

CWE ID-CWE-250

Execution with Unnecessary Privileges

CWE ID-CWE-269

Improper Privilege Management

CVE-2022-34391

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.14%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-16 May, 2025 | 13:44

Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

Product-alienware_area-51_r4_firmware alienware_area-51_r5_firmware alienware_area-51_r5 alienware_area-51_r4 CPG BIOS

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34462

Matching Score-8

Assigner-Dell

Product-policy_manager_for_secure_connect_gateway Secure Connect Gateway (SCG) Policy Manager

Matching Score-8

Assigner-Dell

CVSS Score-8.4||HIGH

EPSS-0.05% / 14.69%

||

7 Day CHG~0.00%

Published-18 Jan, 2023 | 06:51

Updated-20 May, 2025 | 20:15

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges.

Vendor-Dell Inc.

CWE ID-CWE-321

Use of Hard-coded Cryptographic Key

CWE ID-CWE-798

Use of Hard-coded Credentials

CVE-2022-34387

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.12% / 30.74%

||

7 Day CHG~0.00%

Published-10 Feb, 2023 | 20:15

Updated-26 Mar, 2025 | 15:33

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs SupportAssist

CWE ID-CWE-377

Insecure Temporary File

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2022-33919

Matching Score-8

Assigner-Dell

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.06% / 17.68%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:34

Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information.

Vendor-Dell Inc.

Product-geodrive GeoDrive

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2022-33922

Matching Score-8

Assigner-Dell