Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-34429

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-30 Sep, 2022 | 19:25
Updated At-17 Sep, 2024 | 01:45
Rejected At-
Credits

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:30 Sep, 2022 | 19:25
Updated At:17 Sep, 2024 | 01:45
Rejected At:
â–¼CVE Numbering Authority (CNA)

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

Affected Products
Vendor
Dell Inc.Dell
Product
Dell Hybrid Client (DHC)
Versions
Affected
  • From unspecified before 1.8 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:30 Sep, 2022 | 20:15
Updated At:05 Oct, 2022 | 15:29

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Secondary3.16.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
CPE Matches
Dell Inc.
dell
>>hybrid_client>>1.5
cpe:2.3:a:dell:hybrid_client:1.5:*:*:*:*:*:*:*
Dell Inc.
dell
>>hybrid_client>>1.6
cpe:2.3:a:dell:hybrid_client:1.6:*:*:*:*:*:*:*
Dell Inc.
dell
>>hybrid_client>>1.6.1
cpe:2.3:a:dell:hybrid_client:1.6.1:*:*:*:*:*:*:*
Dell Inc.
dell
>>hybrid_client>>1.6.2
cpe:2.3:a:dell:hybrid_client:1.6.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE-22Secondarysecurity_alert@emc.com
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-22
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

88Records found
CVE-2022-33937
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-16 May, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-geodriveGeoDrive
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-29094
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.11% / 28.72%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 20:05
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist Client Consumer
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-29093
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.11% / 28.72%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 20:05
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist Client Commercial
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-51534
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.13% / 33.05%
||
7 Day CHG~0.00%
Published-01 Feb, 2025 | 04:02
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DD
CWE ID-CWE-29
Path Traversal: '\..\filename'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-36286
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.03%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_client_consumerSupportAssist Client Consumer
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-28265
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 2.34%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 07:41
Updated-02 Apr, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_5200qpowerstore_5000tpowerstore_1000tpowerstore_3200qpowerstore_7000tpowerstoreospowerstore_1200tpowerstore_3200tpowerstore_500tpowerstore_3000tpowerstore_9200tpowerstore_5200tpowerstore_9000tPowerStore 5000TPowerStorePowerStore 9000TPowerStore 9200TPowerStore 500TPowerStore 3200TPowerStore 7000TPowerStore 5200TPowerStore 5200QPowerStore 3000TPowerStore 3200QPowerStore 1000TPowerStore 1200T
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2019-18575
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 20:40
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-34400
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.56%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 04:24
Updated-27 Mar, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_15_3511inspiron_5310vostro_5510_firmwarexps_15_9510_firmwarelatitude_3520vostro_3525_firmwareprecision_3561_firmwarexps_17_9710_firmwareinspiron_3275inspiron_7610precision_3650_towerlatitude_rugged_7330precision_7560latitude_5421vostro_5890latitude_9420_firmwareinspiron_3891_firmwareinspiron_3785_firmwareinspiron_3525_firmwarelatitude_7420_firmwareinspiron_7610_firmwareinspiron_15_3511_firmwareoptiplex_5090_firmwareinspiron_3515_firmwarelatitude_9420g15_5525_firmwareinspiron_3475inspiron_5505inspiron_3505g15_5525optiplex_7090_ultrainspiron_3595inspiron_5485_2-in-1latitude_5320inspiron_3891vostro_5310inspiron_5510_firmwarealienware_m17_r5_amdinspiron_7405_2-in-1inspiron_3275_firmwarevostro_3690precision_7760inspiron_5425g15_5511_firmwarelatitude_7320alienware_m15_r7inspiron_5485vostro_5515_firmwarevostro_5625latitude_7320_detachablelatitude_9520vostro_3425vostro_3515_firmwareoptiplex_7090_tower_firmwareinspiron_5515inspiron_5415_firmwarelatitude_3420inspiron_14_5410_2-in-1_firmwareinspiron_3505_firmwareinspiron_5585optiplex_7090_aiolatitude_7420latitude_rugged_7330_firmwareinspiron_3785vostro_3890optiplex_7090_aio_firmwareprecision_3560_firmwareinspiron_7415inspiron_3525vostro_3515inspiron_5310_firmwareinspiron_5505_firmwarelatitude_7520_firmwareinspiron_14_5410_2-in-1inspiron_7425latitude_3420_firmwarelatitude_5420precision_5760_firmwareinspiron_5485_firmwareg5_se_5505_firmwareprecision_7560_firmwarevostro_5890_firmwareprecision_7760_firmwareinspiron_7425_firmwarevostro_3525vostro_5510inspiron_5515_firmwarelatitude_rugged_5430_firmwareinspiron_5410latitude_7320_detachable_firmwareinspiron_3585vostro_3510_firmwareg5_se_5505inspiron_5410_firmwarevostro_5410_firmwarevostro_5415inspiron_7415_firmwareoptiplex_7090_ultra_firmwareinspiron_5415precision_3450inspiron_5510precision_5560alienware_m17_r5_amd_firmwarelatitude_5320_firmwareg15_5510_firmwarevostro_7510_firmwarelatitude_5521vostro_5515g15_5515vostro_7510inspiron_7510_firmwarelatitude_rugged_5430latitude_7520alienware_m15_r6vostro_3890_firmwareprecision_3450_firmwarelatitude_5421_firmwareg15_5511vostro_3405optiplex_7090_towerprecision_5760g15_5515_firmwareinspiron_3195_2-in-1_firmwarealienware_m15_ryzen_edition_r5latitude_7320_firmwareoptiplex_5490_all-in-onexps_17_9710precision_3560vostro_5410inspiron_5405_firmwareinspiron_5425_firmwareinspiron_7405_2-in-1_firmwarevostro_5310_firmwareinspiron_3515latitude_5420_firmwareprecision_3561latitude_5520inspiron_7510latitude_3320vostro_3405_firmwarevostro_5625_firmwareinspiron_3195_2-in-1xps_15_9510alienware_m15_ryzen_edition_r5_firmwarelatitude_3520_firmwarevostro_3425_firmwareinspiron_5485_2-in-1_firmwarealienware_m15_r7_firmwarealienware_m15_r6_firmwareinspiron_3595_firmwarelatitude_3320_firmwareprecision_3650_tower_firmwarelatitude_5521_firmwarelatitude_9520_firmwareinspiron_3585_firmwareoptiplex_5490_all-in-one_firmwareprecision_5560_firmwareinspiron_5585_firmwarevostro_3510vostro_3690_firmwarevostro_5415_firmwareg15_5510inspiron_5405inspiron_3475_firmwarelatitude_5520_firmwareoptiplex_5090CPG BIOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52535
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.47% / 64.71%
||
7 Day CHG~0.00%
Published-25 Dec, 2024 | 14:41
Updated-29 Jan, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist for Home PCsSupportAssist for Business PCs
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-51532
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.39%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 01:40
Updated-29 Jan, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_7000tpowerstore_3200qpowerstoreospowerstore_3000tpowerstore_1000tpowerstore_3200tpowerstore_9000tpowerstore_500tpowerstore_1200tpowerstore_5200tpowerstore_5000tpowerstore_9200tPowerStore
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2020-5357
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 19:20
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Action-Not Available
Vendor-Dell Inc.
Product-thunderbolt_dock_tb16dock_wd19_firmwarethunderbolt_dock_tb16_firmwareprecision_dual_usb-c_thunderbolt_dock_-_tb18dcdock_wd15dock_wd19precision_dual_usb-c_thunderbolt_dock_-_tb18dc_firmwaredock_wd15_firmwareCPG BIOS
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-5324
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.65%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 14:50
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareprecision_3541inspiron_5583precision_7730_firmwareprecision_3541_firmwarelatitude_5401_firmwareprecision_7730inspiron_7380inspiron_5491_firmwarelatitude_5424_rugged_firmwarexps_15_9575_firmwareinspiron_14_5490inspiron_5590_firmwarevostro_3490_firmwareg7_17_7790_firmwareg7_17_7790latitude_7300_firmwareinspiron_5493inspiron_7490latitude_5400_firmwareprecision_7540wyse_5470inspiron_5390_firmwareg7_15_7590inspiron_3593_firmwareinspiron_5591inspiron_7391latitude_5490latitude_5590inspiron_5481inspiron_5494_firmwareinspiron_7390_firmwareinspiron_7580_firmwareinspiron_7786_firmwareinspiron_3583vostro_5581_firmwarevostro_3481latitude_5300inspiron_7786vostro_7590precision_5530_firmwareinspiron_5591_firmwareinspiron_3590_firmwareinspiron_3781g5_5587_firmwarelatitude_5501_firmwarevostro_15_7580_firmwarelatitude_7424_rugged_extreme_firmwarevostro_15_7580g7_7588_firmwareinspiron_7590_firmwareinspiron_7791_firmwarelatitude_7300precision_7740_firmwareg3_3579_firmwarevostro_3590_firmwareinspiron_5498inspiron_3780inspiron_7380_firmwarelatitude_3590_firmwarelatitude_7490_firmwareinspiron_7591_firmwarelatitude_7390_firmwarelatitude_5290latitude_5500_firmwareinspiron_3481inspiron_3780_firmwareinspiron_7490_firmwareg7_7588latitude_3400_firmwareprecision_3530latitude_5590_firmwarelatitude_5591inspiron_5590latitude_7400vostro_5481_firmwarevostro_5490inspiron_3593inspiron_5584xps_15_9570precision_7740g3_15_3590_firmwareinspiron_3481_firmwarelatitude_3390precision_5530g5_5090inspiron_5582inspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_3790_firmwareinspiron_3584_firmwareinspiron_5493_firmwareinspiron_7586inspiron_3480inspiron_3583_firmwareinspiron_7586_firmwarelatitude_3400inspiron_3480_firmwarelatitude_3490inspiron_3793_firmwareinspiron_7390vostro_3580_firmwareinspiron_3581_firmwarelatitude_3300_firmwarevostro_3590vostro_5390xps_15_9570_firmwarelatitude_3490_firmwarevostro_5590_firmwarevostro_3581_firmwarevostro_5581inspiron_3490latitude_7200_firmwareprecision_7530_firmwarevostro_3581xps_15_9575inspiron_3790vostro_3583_firmwarelatitude_5420_rugged_firmwarevostro_5391inspiron_5494latitude_7220_rugged_extreme_tablet_firmwarelatitude_3301g3_3779_firmwarelatitude_5300_firmwareinspiron_5594latitude_5420_ruggedprecision_3540_firmwareinspiron_5580latitude_7220_rugged_extreme_tabletinspiron_5582_firmwarelatitude_5500latitude_3500_firmwarevostro_3490g5_15_5590g5_15_5590_firmwareinspiron_5391wyse_5070_thin_clientinspiron_5598xps_13_9380inspiron_5480latitude_7220ex_rugged_extreme_tabletlatitude_7220ex_rugged_extreme_tablet_firmwareg7_15_7590_firmwareinspiron_5580_firmwarelatitude_5490_firmwarelatitude_5591_firmwarelatitude_3500inspiron_7791inspiron_3793latitude_5501latitude_7400_firmwareprecision_3540latitude_3590inspiron_3580_firmwareinspiron_3781_firmwareinspiron_5481_firmwarelatitude_3311_firmwareinspiron_7591xps_15_7590latitude_3300inspiron_5584_firmwareprecision_5540_firmwarevostro_5590vostro_3583vostro_3584_firmwarelatitude_5491_firmwareinspiron_5482vostro_3480latitude_7290inspiron_3493inspiron_5594_firmwareinspiron_14_5490_firmwareprecision_7540_firmwareinspiron_7391_firmwareinspiron_5593_firmwarewyse_5470_firmwareinspiron_5593inspiron_5491latitude_5290_firmwarelatitude_7424_rugged_extremeg5_5587inspiron_7580inspiron_5598_firmwareinspiron_3584inspiron_5482_firmwarevostro_5390_firmwareg5_5090_firmwarevostro_5481inspiron_3493_firmwarelatitude_7390precision_3530_firmwarelatitude_3311latitude_7290_firmwareprecision_7530inspiron_5583_firmwareg3_15_3590latitude_3390_firmwarelatitude_7200inspiron_5480_firmwareinspiron_3590inspiron_5391_firmwarevostro_3480_firmwareinspiron_7590vostro_3580vostro_7590_firmwarexps_15_7590_firmwarevostro_3584inspiron_3490_firmwarexps_13_9380_firmwarewyse_5070_thin_client_firmwarelatitude_3301_firmwarelatitude_7490inspiron_5390vostro_3481_firmwareinspiron_3580latitude_5491g3_3579g3_3779inspiron_7386_firmwareinspiron_3581inspiron_7386latitude_5424_ruggedlatitude_5400Dell Client Consumer and Commercial Platforms
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-44281
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.02% / 5.31%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 15:38
Updated-30 May, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service.

Action-Not Available
Vendor-Dell Inc.
Product-pairDell Pair
CWE ID-CWE-264
Not Available
CVE-2023-32454
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 5.24%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:00
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service

Action-Not Available
Vendor-Dell Inc.
Product-update_package_frameworkDUP Framework
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-28071
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.56%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:37
Updated-07 Nov, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowsalienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-28049
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.03% / 6.87%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 06:43
Updated-22 Aug, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_monitorDell Command Monitor (DCM)
CWE ID-CWE-267
Privilege Defined With Unsafe Actions
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-28046
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.11% / 29.79%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 06:07
Updated-10 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CVE-2023-25540
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.07% / 22.06%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 16:30
Updated-11 Mar, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-24573
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 16.75%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 12:30
Updated-24 Mar, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_monitorDell Command Monitor (DCM)
CWE ID-CWE-264
Not Available
CVE-2023-23698
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.75%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 12:20
Updated-24 Mar, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_updatecommand_updateDell Command Update (DCU)
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CVE-2022-31226
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.59%
||
7 Day CHG~0.00%
Published-12 Sep, 2022 | 18:35
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

Action-Not Available
Vendor-Dell Inc.
Product-precision_3660_towerinspiron_16_plus_7620_firmwareinspiron_7420xps_17_9720_firmwareinspiron_5620optiplex_7400vostro_3910optiplex_7000vostro_7620_firmwareinspiron_7420_firmwareoptiplex_5000_firmwareprecision_3660_tower_firmwareoptiplex_7000_oemoptiplex_5000inspiron_7620_firmwarechengming_3900optiplex_3000inspiron_5420chengming_3900_firmwarexps_17_9720vostro_3910_firmwareprecision_5770inspiron_16_plus_7620inspiron_14_plus_7420vostro_3710_firmwarevostro_5320vostro_5620_firmwarevostro_7620optiplex_3000_thin_clientinspiron_5620_firmwareoptiplex_5400inspiron_5320_firmwarevostro_5620precision_5770_firmwareinspiron_14_plus_7420_firmwareoptiplex_5400_firmwareoptiplex_3000_thin_client_firmwareoptiplex_3000_firmwareoptiplex_7000_firmwareinspiron_5320inspiron_3910vostro_3710vostro_5320_firmwareoptiplex_7400_firmwareinspiron_3910_firmwareinspiron_5420_firmwareprecision_3460_small_form_factor_firmwareoptiplex_7000_oem_firmwareprecision_3460_small_form_factorinspiron_7620CPG BIOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-10949
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-18.01% / 95.18%
||
7 Day CHG~0.00%
Published-04 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.

Action-Not Available
Vendor-Zero Day InitiativeDell Inc.
Product-storage_manager_2016Dell Storage Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-8211
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.96% / 83.53%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 07:24
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_data_protection_advisorEMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-44306
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-1.70% / 82.33%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 08:32
Updated-01 Oct, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem.

Action-Not Available
Vendor-Dell Inc.
Product-dm5500_firmwaredm5500Dell PowerProtect Data Manager DM5500 Appliance
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21569
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.51% / 66.60%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34426
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-4.40% / 89.02%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-16 May, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21586
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-46.07% / 97.64%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:15
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-36
Absolute Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-22397
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.91%
||
7 Day CHG+0.01%
Published-06 Nov, 2025 | 18:46
Updated-21 Jan, 2026 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9idrac9_firmwareidrac10idrac10_firmwareIntegrated Dell Remote Access Controller 10 17G versionIntegrated Dell Remote Access Controller 9 15G and 16G versionsIntegrated Dell Remote Access Controller 9 14G Versions
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21514
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-12.85% / 94.06%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 16:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34365
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 65.29%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 16:31
Updated-16 Sep, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34378
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.96%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 17:30
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34373
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.90%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 20:05
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_integration_suite_for_system_centerCPG SW
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34430
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.60%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-19 May, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2022-34375
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.39% / 60.23%
||
7 Day CHG~0.00%
Published-30 Aug, 2022 | 20:25
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-29097
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.20% / 42.36%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 17:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-28977
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.06% / 17.51%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 08:08
Updated-21 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM) repository_manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-24424
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.67% / 71.29%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 20:50
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-emc_appsyncAppSync
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-15782
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.7||HIGH
EPSS-0.03% / 7.93%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 20:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-authentication_managerRSA Authentication Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-4004
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-12.17% / 93.86%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.

Action-Not Available
Vendor-n/aDell Inc.
Product-openmanage_server_administratorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1204
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.95% / 76.41%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-7270
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.84% / 74.68%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

Action-Not Available
Vendor-n/aDell Inc.
Product-integrated_remote_access_controller_6integrated_remote_access_controller_7integrated_remote_access_controller_8integrated_remote_access_controller_firmwareDell Integrated Remote Access Controller (iDRAC)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5370
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.9||HIGH
EPSS-1.14% / 78.46%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:00
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_enterpriseOpenManage Enterprise
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-36288
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.93% / 76.17%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-27101
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.32% / 54.66%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 07:27
Updated-02 Apr, 2026 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-22762
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.85%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 19:53
Updated-06 Mar, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete.

Action-Not Available
Vendor-Dell Inc.
Product-Avamar Virtual EditionPowerProtect DP Series Appliance (IDPA)Avamar Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5377
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-79.91% / 99.11%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:50
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5366
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.43% / 62.33%
||
7 Day CHG~0.00%
Published-09 Jul, 2020 | 13:45
Updated-16 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac9Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3304
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.62% / 94.26%
||
7 Day CHG~0.00%
Published-30 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

Action-Not Available
Vendor-n/aDell Inc.
Product-equallogic_ps4000_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-29495
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-15.49% / 94.67%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-29494
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.7||HIGH
EPSS-0.94% / 76.26%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • Next
Details not found