Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-44291

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-04 Dec, 2023 | 08:13
Updated At-02 Aug, 2024 | 19:59
Rejected At-
Credits

Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:04 Dec, 2023 | 08:13
Updated At:02 Aug, 2024 | 19:59
Rejected At:
▼CVE Numbering Authority (CNA)

Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Affected Products
Vendor
Dell Inc.Dell
Product
Dell PowerProtect Data Manager DM5500 Appliance
Default Status
unaffected
Versions
Affected
  • DM5500 5.14 and below
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities
vendor-advisory
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:04 Dec, 2023 | 09:15
Updated At:18 Dec, 2023 | 06:15

Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Dell Inc.
dell
>>powerprotect_data_manager_dm5500>>-
cpe:2.3:h:dell:powerprotect_data_manager_dm5500:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>powerprotect_data_manager_dm5500_firmware>>Versions up to 5.14.0.0(inclusive)
cpe:2.3:o:dell:powerprotect_data_manager_dm5500_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondarysecurity_alert@emc.com
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

837Records found
CVE-2026-22766
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.32% / 55.02%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 19:28
Updated-20 Mar, 2026 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

Action-Not Available
Vendor-Dell Inc.
Product-Wyse Management Suite
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49597
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 02:50
Updated-04 Feb, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2024-48010
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.41%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 03:01
Updated-26 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DDpowerprotect_data_domain_management_center
CWE ID-CWE-284
Improper Access Control
CVE-2023-25539
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.67% / 71.75%
||
7 Day CHG-0.80%
Published-31 May, 2023 | 04:50
Updated-09 Jan, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.Linux Kernel Organization, Inc
Product-networkerlinux_kernelNetWorker NVE
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-0165
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.86%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:30
Updated-06 May, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-3727
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 20.36%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 15:45
Updated-17 Sep, 2024 | 03:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection vulnerability

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.

Action-Not Available
Vendor-Dell Inc.
Product-emc_recoverpointrecoverpoint_for_virtual_machinesRecoverPoint
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-23693
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.34% / 57.08%
||
7 Day CHG+0.21%
Published-23 May, 2023 | 06:02
Updated-17 Jan, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_hyperconverged_infrastructureDell VxRail HCI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-23694
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-1.38% / 80.64%
||
7 Day CHG+1.17%
Published-23 May, 2023 | 06:08
Updated-17 Jan, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_hyperconverged_infrastructureDell VxRail HCI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-23692
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-3.65% / 88.11%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 12:30
Updated-26 Mar, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-emc_data_domain_osData Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-43589
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.06% / 18.86%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 20:10
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_operating_environmentemc_unityvsa_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-21418
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.03%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 08:38
Updated-10 Mar, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-22277
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.03%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 08:27
Updated-10 Mar, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnityVSA
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-36293
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.06% / 17.45%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36287
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-2.11% / 84.45%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34374
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-4.90% / 89.80%
||
7 Day CHG~0.00%
Published-30 Aug, 2022 | 20:25
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34437
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.40% / 61.28%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-26868
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 17.08%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_xpowerstore_tpowerstoreosPowerStore
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-45104
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-3.11% / 87.09%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 21:04
Updated-24 Mar, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_appliancesolutions_enabler_virtual_applianceevasa_provider_virtual_applianceUnisphere for PowerMax vApp
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-46644
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.01% / 0.64%
||
7 Day CHG-0.01%
Published-09 Jan, 2026 | 15:31
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS 2025PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-45378
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-0.07% / 21.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2025 | 16:23
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-46423
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.61%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 14:14
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-46422
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.61%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 14:19
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-45379
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.10% / 27.65%
||
7 Day CHG~0.00%
Published-05 Nov, 2025 | 16:31
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43942
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.45%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 14:23
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43890
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.72%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 17:53
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43884
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.03% / 8.74%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 15:47
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43939
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.45%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 14:10
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43906
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.72%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 18:02
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43911
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.72%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 18:08
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemDell PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleaseDell PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43940
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.45%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 14:05
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43943
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.93%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 15:22
Updated-16 Jan, 2026 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-cloud_disaster_recoveryCloud Disaster Recovery
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-37140
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-7.29% / 91.84%
||
7 Day CHG~0.00%
Published-26 Jun, 2024 | 03:54
Updated-23 Sep, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DDpowerprotect_dd
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43885
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.68%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 15:52
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36567
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.72%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 19:32
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36566
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.72%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 19:44
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36569
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 19:38
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36607
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.15% / 34.94%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:12
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36606
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.15% / 34.94%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:09
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-36604
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-15.44% / 94.81%
||
7 Day CHG-3.07%
Published-04 Aug, 2025 | 14:00
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21526
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.03% / 8.25%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 16:45
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21530
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.39% / 60.11%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 21:10
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterprise-modularOpenManage Enterprise
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21550
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.05% / 17.21%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21527
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.05% / 17.21%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21570
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.44% / 63.42%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21599
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.22% / 44.52%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21569
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.51% / 66.96%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21503
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.17%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 21:44
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34427
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-3.45% / 87.76%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-16 May, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-35073
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.71%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 11:05
Updated-08 May, 2026 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-35074
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.71%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 10:57
Updated-08 May, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_dp_series_appliancedata_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 16
  • 17
  • Next
Details not found