Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-0164

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-12 Feb, 2024 | 18:34
Updated At-01 Aug, 2024 | 17:41
Rejected At-
Credits

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:12 Feb, 2024 | 18:34
Updated At:01 Aug, 2024 | 17:41
Rejected At:
▼CVE Numbering Authority (CNA)

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.

Affected Products
Vendor
Dell Inc.Dell
Product
Unity
Default Status
unaffected
Versions
Affected
  • From 0 before 5.4 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Dell Inc.dell
Product
unity_operating_environment
CPEs
  • cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 5.4 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
vendor-advisory
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:12 Feb, 2024 | 19:15
Updated At:15 Feb, 2024 | 16:55

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Dell Inc.
dell
>>unity_operating_environment>>Versions before 5.4.0.0.5.094(exclusive)
cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondarysecurity_alert@emc.com
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

571Records found
CVE-2023-39253
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.63%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 06:20
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_toolDell OS Recovery Tool
CWE ID-CWE-284
Improper Access Control
CVE-2023-32487
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.79%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:28
Updated-08 Oct, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-32479
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.98%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:09
Updated-22 Aug, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowssecurity_management_serverencryptionendpoint_security_suite_enterpriseDell Security Management Server (Windows)Dell Endpoint Security Suite EnterpriseDell Encryptionsecurity_management_serverencryptionendpoint_security_suite_enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2023-32450
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 18.33%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 04:33
Updated-15 Oct, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CVE-2023-32486
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.70%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:24
Updated-08 Oct, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2023-32477
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.87%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 07:18
Updated-23 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-common_event_enablerCommon Event Enabler
CWE ID-CWE-284
Improper Access Control
CVE-2023-32458
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.06% / 19.55%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 15:52
Updated-23 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation.

Action-Not Available
Vendor-Dell Inc.ELAN Microelectronics Corporation
Product-appsyncDell EMC AppSync
CWE ID-CWE-284
Improper Access Control
CVE-2023-32495
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.70%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 13:00
Updated-08 Oct, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-32460
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.49%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 05:37
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r7515poweredge_fc430poweredge_t140_firmwarepoweredge_t560_firmwarepoweredge_xr12poweredge_r7515_firmwarepoweredge_fc630poweredge_r760xa_firmwarepoweredge_xe7420poweredge_mx750c_firmwarepoweredge_r530poweredge_m640_\(pe_vrtx\)poweredge_m830_\(pe_vrtx\)emc_xc_core_xc650_firmwarenx3330emc_nx440_firmwarepoweredge_t630_firmwareemc_xc_core_xc940poweredge_r330dss_8440poweredge_xe7440_firmwarepoweredge_t130poweredge_xe9680poweredge_r430poweredge_r840_firmwarepoweredge_t150_firmwarepoweredge_r830poweredge_m630_\(pe_vrtx\)xc730_hyperconverged_appliancepoweredge_c6320poweredge_r350_firmwarepoweredge_r750_firmwarepoweredge_xr8610tpoweredge_r440poweredge_xr4510cpoweredge_c6615poweredge_m830poweredge_r340poweredge_fc640_firmwarepoweredge_c6320_firmwarepoweredge_r750xspoweredge_t640_firmwarepoweredge_r830_firmwarepoweredge_r740xd2poweredge_t550_firmwarepoweredge_xr7620_firmwarepoweredge_r240_firmwarepoweredge_fc830_firmwarenx3230poweredge_r730xdpoweredge_r230poweredge_t350poweredge_fc630_firmwareemc_xc_core_xc740xd2poweredge_r740poweredge_xr2xc_core_xc660_firmwarexc730xd_hyperconverged_appliancepoweredge_r230_firmwarepoweredge_r440_firmwarepoweredge_t150poweredge_r630_firmwarepoweredge_xe9680_firmwarepoweredge_r650xspoweredge_fc830xc430_hyperconverged_applianceemc_xc_core_xc740xd2_firmwarexc_core_xc760poweredge_r730xd_firmwarepoweredge_c6620_firmwareemc_storage_nx3240poweredge_mx840cemc_xc_core_xc740xd_firmwarepoweredge_mx740cpoweredge_r730poweredge_r7525poweredge_t130_firmwaredss_8440_firmwarepoweredge_r6615_firmwareemc_xc_core_xc750xa_firmwareemc_xc_core_xc640_firmwarepoweredge_fc430_firmwareemc_storage_nx3240_firmwarepoweredge_r540_firmwarepoweredge_r740xdpoweredge_r740_firmwarepoweredge_r6415nx430_firmwareemc_xc_core_xc750poweredge_r760xs_firmwarepoweredge_r740xd2_firmwarepoweredge_r940xaemc_xc_core_xc750xapoweredge_t330_firmwarepoweredge_r7625poweredge_r450_firmwarepoweredge_r640poweredge_r7425poweredge_r7615poweredge_r760xd2poweredge_r750xs_firmwarepoweredge_t440_firmwarepoweredge_r930_firmwarenx430poweredge_hs5620_firmwareemc_xc_core_xc6520poweredge_m830_firmwarepoweredge_r7615_firmwarepoweredge_r250poweredge_r6515_firmwarepoweredge_r240poweredge_hs5610_firmwarepoweredge_r430_firmwareemc_xc_core_xc6520_firmwarepoweredge_xr4510c_firmwarepoweredge_r730_firmwarepoweredge_xr8620t_firmwareemc_xc_core_6420_firmwareemc_xc_core_xc450_firmwarexc630_hyperconverged_appliancepoweredge_m640xc730xd_hyperconverged_appliance_firmwarepoweredge_xr8620tpoweredge_t630poweredge_r750poweredge_r650_firmwarepoweredge_m640_\(pe_vrtx\)_firmwarepoweredge_r930xc_core_xc760_firmwarexc6320_hyperconverged_appliance_firmwarepoweredge_xe8640poweredge_t640poweredge_c6520_firmwareemc_xc_core_xc940_firmwareemc_storage_nx3340_firmwarepoweredge_r550_firmwareemc_xc_core_xc750_firmwarexc6320_hyperconverged_appliancepoweredge_r760xd2_firmwarepoweredge_c4140_firmwarexc_core_xc660poweredge_r250_firmwarepoweredge_r760_firmwarepoweredge_r550poweredge_mx840c_firmwarepoweredge_r660_firmwarepoweredge_c6525_firmwarepoweredge_c6525emc_xc_core_xc650emc_xc_core_xc740xdpoweredge_r6625_firmwarepoweredge_r6415_firmwarepoweredge_m830_\(pe_vrtx\)_firmwarepoweredge_r330_firmwarepoweredge_m630xc730_hyperconverged_appliance_firmwarepoweredge_c6615_firmwareemc_xc_core_xc640poweredge_t430_firmwareemc_xc_core_6420poweredge_xe7420_firmwarepoweredge_c6420_firmwarepoweredge_r7415_firmwarepoweredge_fc640poweredge_xe2420_firmwarepoweredge_r7415poweredge_r660poweredge_c4140poweredge_r940_firmwareemc_xc_core_xcxr2_firmwarepoweredge_xr11_firmwarexc430_hyperconverged_appliance_firmwarepoweredge_r860poweredge_r650poweredge_r650xs_firmwarepoweredge_r740xd_firmwarepoweredge_xr11poweredge_t140poweredge_xr12_firmwarepoweredge_xr8610t_firmwarepoweredge_c6620poweredge_xr4520cpoweredge_r7625_firmwarepoweredge_r760xapoweredge_xe9640_firmwareemc_xc_core_xc7525_firmwarepoweredge_t560emc_xc_core_xcxr2poweredge_mx740c_firmwarepoweredge_xr7620poweredge_xr5610_firmwarepoweredge_r640_firmwarepoweredge_t440nx3330_firmwarepoweredge_xr4520c_firmwarepoweredge_r940xa_firmwarepoweredge_r630poweredge_c4130_firmwarepoweredge_r7525_firmwarepoweredge_t330nx440poweredge_mx760c_firmwarepoweredge_r660xspoweredge_r6525poweredge_xe8545_firmwarepoweredge_c4130poweredge_r6615poweredge_mx760cpoweredge_xe9640poweredge_xe8545emc_xc_core_xc7525poweredge_r940poweredge_r750xapoweredge_r540poweredge_t550poweredge_m640_firmwarepoweredge_r660xs_firmwarepoweredge_hs5620poweredge_t340_firmwarepoweredge_r340_firmwarepoweredge_t430poweredge_xr2_firmwarepoweredge_r6515poweredge_xe2420poweredge_r760poweredge_r530_firmwareemc_xc_core_xc450poweredge_r6525_firmwarepoweredge_mx750cpoweredge_c6420poweredge_xe7440poweredge_r960poweredge_m630_firmwarepoweredge_r350emc_storage_nx3340poweredge_xe8640_firmwarepoweredge_r750xa_firmwarepoweredge_r840poweredge_r960_firmwarepoweredge_r760xspoweredge_c6520poweredge_m630_\(pe_vrtx\)_firmwarepoweredge_t340poweredge_xr5610poweredge_r450poweredge_hs5610poweredge_t350_firmwarexc630_hyperconverged_appliance_firmwarepoweredge_r860_firmwarepoweredge_r6625nx3230_firmwarepoweredge_r7425_firmwarePowerEdge Platform
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-25958
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 10.10%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 15:18
Updated-28 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption.

Action-Not Available
Vendor-Dell Inc.
Product-grabGrab for Windowsgrab_for_windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-25960
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.88%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 18:13
Updated-09 Jan, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-28066
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 15:40
Updated-08 Jan, 2025 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_toolDell OS Recovery Tool
CWE ID-CWE-284
Improper Access Control
CVE-2023-28047
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.09% / 25.02%
||
7 Day CHG-0.01%
Published-20 Apr, 2023 | 06:59
Updated-05 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CVE-2023-28051
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.63%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 07:20
Updated-10 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-284
Improper Access Control
CVE-2023-28079
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.05% / 14.99%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:20
Updated-10 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-28070
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 28.63%
||
7 Day CHG+0.04%
Published-03 May, 2023 | 08:05
Updated-30 Jan, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-284
Improper Access Control
CVE-2023-28068
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-05 May, 2023 | 06:41
Updated-29 Jan, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_monitorDell Command Monitor (DCM)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-28073
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.01% / 1.39%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:42
Updated-04 Dec, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5530precision_3570_firmwarelatitude_5530_firmwareprecision_3570CPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2023-25542
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.10% / 27.18%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 06:17
Updated-10 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-trusted_device_agent Dell Trusted Device Client
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25940
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 30.86%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:14
Updated-11 Feb, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-25543
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.63%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 06:31
Updated-02 Aug, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2023-25537
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.04% / 12.67%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 10:48
Updated-21 Jan, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

Action-Not Available
Vendor-Dell Inc.
Product-emc_xc_core_6420_firmwareemc_xc_core_xcxr2poweredge_r440_firmwarepoweredge_m640poweredge_mx740c_firmwarepoweredge_xe7420poweredge_r640_firmwarepoweredge_t440emc_xc_core_xc740xd2_firmwarepoweredge_r940xa_firmwareemc_xc_core_xc940emc_storage_nx3240poweredge_mx840cdss_8440poweredge_t640poweredge_mx740cpoweredge_xe7440_firmwareemc_xc_core_xc740xd_firmwareemc_xc_core_xc940_firmwareemc_storage_nx3340_firmwaredss_8440_firmwareemc_xc_core_xc640_firmwarepoweredge_r840_firmwarepoweredge_c4140_firmwarepoweredge_r940poweredge_r540emc_storage_nx3240_firmwarepoweredge_m640_firmwarepoweredge_mx840c_firmwarepoweredge_r540_firmwarepoweredge_r740xdpoweredge_r740_firmwarepoweredge_r440poweredge_r740xd2_firmwareemc_xc_core_xc740xdpoweredge_xr2_firmwarepoweredge_xe2420poweredge_r940xapoweredge_xe7440poweredge_c6420poweredge_fc640_firmwareemc_xc_core_xc640emc_storage_nx3340emc_xc_core_6420poweredge_r640poweredge_t640_firmwarepoweredge_c6420_firmwarepoweredge_r740xd2poweredge_r840poweredge_xe7420_firmwarepoweredge_fc640poweredge_xe2420_firmwarepoweredge_c4140poweredge_r940_firmwarepoweredge_t440_firmwareemc_xc_core_xcxr2_firmwarepoweredge_r740xd_firmwareemc_xc_core_xc740xd2poweredge_r740poweredge_xr2PowerEdge Platform
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25941
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.48%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:22
Updated-11 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-43887
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.01% / 1.73%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 15:59
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-43914
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.01% / 3.29%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 17:43
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain BoostFS for Linux Ubuntu Feature ReleasePowerProtect Data Domain BoostFS for Linux Ubuntu LTS2025PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2024PowerProtect Data Domain BoostFS for Linux Ubuntu LTS2023
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2023-24575
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 04:03
Updated-12 Mar, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system

Action-Not Available
Vendor-Dell Inc.
Product-multifunction_printer_e525w_driver_and_software_suiteDell Multifunction Printer E525w Driver and Software Suite
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-24569
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 12:57
Updated-24 Mar, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-23696
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 09:49
Updated-25 Mar, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_intel_vpro_out_of_bandDell Command Intel vPro Out of Band (DCIV)
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2015-0949
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.65%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 20:45
Updated-06 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Action-Not Available
Vendor-HPDell Inc.HP Inc.
Product-latitude_e6430elitebook_850_g1latitude_e6430_firmwareelitebook_850_g1_firmwareLatitude E6430EliteBook 850 G1
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-22449
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 8.95%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 09:48
Updated-17 Jun, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefs PowerScale OneFS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-22452
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.08% / 22.93%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 13:08
Updated-31 Jan, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-display_and_peripheral_managerDell Display and Peripheral Manager display_manager
CWE ID-CWE-264
Not Available
CVE-2026-28261
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.48%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 12:43
Updated-13 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to secret exposure. The attacker may be able to use the exposed secret to access the vulnerable system with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageobjectscaleObjectScaleElastic Cloud Storage
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-27102
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 2.01%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 12:11
Updated-13 Apr, 2026 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-26949
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.86%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 17:04
Updated-05 Mar, 2026 | 22:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-device_management_agentDevice Management Agent (DDMA)
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-25906
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.23%
||
7 Day CHG-0.00%
Published-03 Mar, 2026 | 20:55
Updated-05 Mar, 2026 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-optimizerOptimizer
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-22572
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 12:54
Updated-26 Mar, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-24510
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.65%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 18:59
Updated-16 Mar, 2026 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-24502
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.01% / 0.38%
||
7 Day CHG-0.00%
Published-03 Mar, 2026 | 20:43
Updated-05 Mar, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_intel_vpro_out_of_bandDell Command | Intel vPro Out of Band
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-22576
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.05% / 16.52%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 09:44
Updated-23 Aug, 2024 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM)repository_manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-23862
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.62%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 17:28
Updated-17 Mar, 2026 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-ThinOS 10
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-23856
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.65%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 01:46
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-iDRAC Service Module for LinuxiDRAC Service Module
CWE ID-CWE-284
Improper Access Control
CVE-2026-21425
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.65%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 12:15
Updated-05 Mar, 2026 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-21420
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.58%
||
7 Day CHG~0.00%
Published-23 Feb, 2026 | 14:01
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerRepository Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-0156
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.07% / 20.64%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 12:54
Updated-08 Jan, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (D3)dell_digital_delivery
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-46691
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.65%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:31
Updated-09 Mar, 2026 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-premiercolorPremierColor
CWE ID-CWE-284
Improper Access Control
CVE-2025-46685
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.01% / 2.85%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:36
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoverySupportAssist OS Recovery
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CVE-2025-43729
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.77%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 14:02
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access.

Action-Not Available
Vendor-Dell Inc.
Product-pro_max_16_pluspro_16_plus_pb16250latitude_5440pro_max_14latitude_3420latitude_5540wyse_5070_thin_clientlatitude_3440precision_3280latitude_3450optiplex_all-in-one_7410pro_14_pc14250optiplex_3000_tcoptiplex_5400_all-in-onewyse_5470_all-in-one_thin_clientoptiplex_all-in-one_7420thinospro_rugged_13_ra13250optiplex_micro_plus_7010pro_24_all-in-onewyse_5070_extended_thin_clientpro_tower_qct1250pro_rugged_14_rb14250pro_slim_low_sffoptiplex_7020pro_16_pc16250latitude_5450latitude_5530latitude_5550wyse_5470_mtclatitude_3330precision_3260_compactlatitude_5520ThinOS 10
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-43882
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.77%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 13:51
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access.

Action-Not Available
Vendor-Dell Inc.
Product-pro_max_16_pluspro_16_plus_pb16250latitude_5440pro_max_14latitude_3420latitude_5540wyse_5070_thin_clientlatitude_3440precision_3280latitude_3450optiplex_all-in-one_7410pro_14_pc14250optiplex_3000_tcoptiplex_5400_all-in-onewyse_5470_all-in-one_thin_clientoptiplex_all-in-one_7420thinospro_rugged_13_ra13250optiplex_micro_plus_7010pro_24_all-in-onewyse_5070_extended_thin_clientpro_tower_qct1250pro_rugged_14_rb14250pro_slim_low_sffoptiplex_7020pro_16_pc16250latitude_5450latitude_5530latitude_5550wyse_5470_mtclatitude_3330precision_3260_compactlatitude_5520ThinOS 10
CWE ID-CWE-283
Unverified Ownership
CVE-2025-43730
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.07% / 21.77%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 13:57
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-pro_max_16_pluspro_16_plus_pb16250latitude_5440pro_max_14latitude_3420latitude_5540wyse_5070_thin_clientlatitude_3440precision_3280latitude_3450optiplex_all-in-one_7410pro_14_pc14250optiplex_3000_tcoptiplex_5400_all-in-onewyse_5470_all-in-one_thin_clientoptiplex_all-in-one_7420thinospro_rugged_13_ra13250optiplex_micro_plus_7010pro_24_all-in-onewyse_5070_extended_thin_clientpro_tower_qct1250pro_rugged_14_rb14250pro_slim_low_sffoptiplex_7020pro_16_pc16250latitude_5450latitude_5530latitude_5550wyse_5470_mtclatitude_3330precision_3260_compactlatitude_5520ThinOS 10
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2025-45376
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-29 Sep, 2025 | 20:13
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM)
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 11
  • 12
  • Next
Details not found