ByteOS Network

Type	CWE ID	Description
CWE	CWE-22	CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Version	Base score	Base severity	Vector
3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000225779/dsa-2024-263	vendor-advisory

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE ID	Type	Source
CWE-22	Primary	nvd@nist.gov
CWE-22	Secondary	security_alert@emc.com

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/en-us/000225779/dsa-2024-263	security_alert@emc.com	Vendor Advisory

CVE-2024-47978

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.09% / 25.73%

||

7 Day CHG~0.00%

Published-25 Dec, 2024 | 14:57

Updated-29 Jan, 2025 | 20:40

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor-Dell Inc.

Product-nativeedge_orchestrator NativeEdge

CWE ID-CWE-250

Execution with Unnecessary Privileges

CVE-2022-34457

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.05% / 14.60%

||

7 Day CHG~0.00%

Published-18 Jan, 2023 | 11:38

Updated-03 Apr, 2025 | 18:05

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.

Vendor-Dell Inc.

Product-command\|configure Dell Command Configure (DCC)

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2022-33923

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.25% / 48.99%

||

7 Day CHG~0.00%

Published-20 Jul, 2022 | 20:55

Updated-16 Sep, 2024 | 17:57

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

Vendor-Dell Inc.

Product-emc_powerstore_3200t emc_powerstore_500t emc_powerstore_9200t emc_powerstore_5200t_firmware emc_powerstore_1200t_firmware emc_powerstore_9200t_firmware emc_powerstore_500t_firmware emc_powerstore_3200t_firmware emc_powerstore_1200t emc_powerstore_5200t PowerStore

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-34391

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.88%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-16 May, 2025 | 13:44

Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

Product-alienware_area-51_r4_firmware alienware_area-51_r5_firmware alienware_area-51_r5 alienware_area-51_r4 CPG BIOS

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34382

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.22%

||

7 Day CHG~0.00%

Published-02 Sep, 2022 | 17:30

Updated-16 Sep, 2024 | 23:56

Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.

Vendor-Dell Inc.

Product-alienware_update command_update update Dell Command Update (DCU)

CVE-2022-32488

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.05% / 15.88%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:38

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32489

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.05% / 15.88%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-15 May, 2025 | 15:38

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-32485

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 15.88%

||

7 Day CHG~0.00%

Published-12 Oct, 2022 | 19:25

Updated-16 May, 2025 | 13:45

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-31226

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.1||HIGH

EPSS-0.06% / 19.06%

||

7 Day CHG~0.00%

Published-12 Sep, 2022 | 18:35

Updated-16 Sep, 2024 | 23:05

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

Vendor-Dell Inc.

Product-precision_3660_tower inspiron_16_plus_7620_firmware inspiron_7420 xps_17_9720_firmware inspiron_5620 optiplex_7400 vostro_3910 optiplex_7000 vostro_7620_firmware inspiron_7420_firmware optiplex_5000_firmware precision_3660_tower_firmware optiplex_7000_oem optiplex_5000 inspiron_7620_firmware chengming_3900 optiplex_3000 inspiron_5420 chengming_3900_firmware xps_17_9720 vostro_3910_firmware precision_5770 inspiron_16_plus_7620 inspiron_14_plus_7420 vostro_3710_firmware vostro_5320 vostro_5620_firmware vostro_7620 optiplex_3000_thin_client inspiron_5620_firmware optiplex_5400 inspiron_5320_firmware vostro_5620 precision_5770_firmware inspiron_14_plus_7420_firmware optiplex_5400_firmware optiplex_3000_thin_client_firmware optiplex_3000_firmware optiplex_7000_firmware inspiron_5320 inspiron_3910 vostro_3710 vostro_5320_firmware optiplex_7400_firmware inspiron_3910_firmware inspiron_5420_firmware precision_3460_small_form_factor_firmware optiplex_7000_oem_firmware precision_3460_small_form_factor inspiron_7620 CPG BIOS

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-39256

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.03% / 9.52%

||

7 Day CHG~0.00%

Published-02 Dec, 2023 | 04:18

Updated-02 Aug, 2024 | 18:02

Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system.

Vendor-Dell Inc.

Product-rugged_control_center Rugged Control Center (RCC)

CWE ID-CWE-284

Improper Access Control

CVE-2022-26860

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 16.85%

||

7 Day CHG~0.00%

Published-06 Sep, 2022 | 20:15

Updated-27 May, 2026 | 13:02

Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-26863

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 11.34%

||

7 Day CHG~0.00%

Published-23 Jun, 2022 | 17:55

Updated-16 Sep, 2024 | 20:48

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-26862

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 11.34%

||

7 Day CHG~0.00%

Published-23 Jun, 2022 | 17:55

Updated-16 Sep, 2024 | 17:49

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-26858

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.04% / 12.96%

||

7 Day CHG~0.00%

Published-06 Sep, 2022 | 20:15

Updated-27 May, 2026 | 12:57

Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.

Vendor-Dell Inc.

CWE ID-CWE-287

Improper Authentication

CVE-2022-24426

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.28%

||

7 Day CHG~0.00%

Published-01 Apr, 2022 | 20:00

Updated-16 Sep, 2024 | 20:31

Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Vendor-Dell Inc.

Product-alienware_update command_update update Dell Command Update (DCU)

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2023-39254

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 13.98%

||

7 Day CHG~0.00%

Published-01 Mar, 2024 | 12:43

Updated-31 Jan, 2025 | 15:51

Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.

Vendor-Dell Inc.

Product-update_package_framework DUP Framework update_package_framework

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2022-24411

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.52%

||

7 Day CHG~0.00%

Published-12 Apr, 2022 | 17:50

Updated-17 Sep, 2024 | 01:16

Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-378

Creation of Temporary File With Insecure Permissions

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2022-24420

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.04% / 12.95%

||

7 Day CHG~0.00%

Published-11 Mar, 2022 | 21:45

Updated-17 Sep, 2024 | 00:30

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-24421

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.04% / 12.95%

||

7 Day CHG~0.00%

Published-11 Mar, 2022 | 21:45

Updated-17 Sep, 2024 | 03:37

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-24416

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.11% / 29.12%

||

7 Day CHG~0.00%

Published-11 Mar, 2022 | 21:45

Updated-16 Sep, 2024 | 17:22

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-39257

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.03% / 9.52%

||

7 Day CHG~0.00%

Published-02 Dec, 2023 | 04:22

Updated-02 Aug, 2024 | 18:02

Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.

Vendor-Dell Inc.

Product-rugged_control_center Rugged Control Center (RCC)

CWE ID-CWE-284

Improper Access Control

CVE-2024-38301

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.19% / 40.47%

||

7 Day CHG~0.00%

Published-10 Jul, 2024 | 02:12

Updated-02 Aug, 2024 | 04:04

Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.

Vendor-Dell Inc.

Product-Alienware Command Center (AWCC)alienware_command_center

CWE ID-CWE-1107

Insufficient Isolation of Symbolic Constant Definitions

CVE-2024-37130

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.10% / 27.55%

||

7 Day CHG~0.00%

Published-11 Jun, 2024 | 01:34

Updated-09 Jan, 2025 | 21:20

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.

Vendor-Dell Inc.

Product-openmanage_server_administrator Dell OpenManage Server Administrator openmanage_server_administrator

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2024-37142

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.10% / 27.83%

||

7 Day CHG~0.00%

Published-31 Jul, 2024 | 08:19

Updated-08 Aug, 2024 | 21:17

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Vendor-Dell Inc.

Product-peripheral_manager Dell Peripheral Manager peripheral_manager

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2024-37127

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.10% / 27.83%

||

7 Day CHG~0.00%

Published-31 Jul, 2024 | 08:25

Updated-27 Aug, 2024 | 15:23

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Vendor-Dell Inc.

Product-peripheral_manager Dell Peripheral Manager peripheral_manager

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2022-22557

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 12.29%

||

7 Day CHG~0.00%

Published-02 Jun, 2022 | 21:00

Updated-16 Sep, 2024 | 19:46

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Vendor-Dell Inc.

Product-powerstore_x powerstore_t powerstoreos PowerStore

CWE ID-CWE-256

Plaintext Storage of a Password

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2023-39259

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 14.40%

||

7 Day CHG~0.00%

Published-16 Nov, 2023 | 09:02

Updated-12 Aug, 2024 | 14:12

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

Vendor-Dell Inc.

Product-os_recovery_tool Dell OS Recovery Tool

CWE ID-CWE-284

Improper Access Control

CVE-2024-32857

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.10% / 27.83%

||

7 Day CHG~0.00%

Published-31 Jul, 2024 | 08:37

Updated-08 Aug, 2024 | 21:10

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Vendor-Dell Inc.

Product-peripheral_manager Dell Peripheral Manager peripheral_manager

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2024-33225

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.8||HIGH

EPSS-0.17% / 38.68%

||

7 Day CHG~0.00%

Published-22 May, 2024 | 15:15

Updated-15 Apr, 2026 | 00:35

An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

Vendor-n/a Dell Inc.

Product-n/a realtek_high_definition_audio_driver

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CVE-2024-32853

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-4.4||MEDIUM

EPSS-0.09% / 25.40%

||

7 Day CHG~0.00%

Published-02 Jul, 2024 | 07:03

Updated-02 Aug, 2024 | 02:20

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-250

Execution with Unnecessary Privileges

CVE-2021-36311

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.04% / 11.49%

||

7 Day CHG~0.00%

Published-23 Nov, 2021 | 20:00

Updated-16 Sep, 2024 | 22:09

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.

Vendor-Dell Inc.

Product-emc_networker NetWorker

CWE ID-CWE-285

Improper Authorization

CVE-2024-49563

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.25% / 48.60%

||

7 Day CHG~0.00%

Published-28 Mar, 2025 | 01:35

Updated-26 Feb, 2026 | 19:09

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.

Vendor-Dell Inc.

Product-unity_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-43729

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.83%

||

7 Day CHG~0.00%

Published-27 Aug, 2025 | 14:02

Updated-26 Feb, 2026 | 17:47

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access.

Vendor-Dell Inc.

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2025-43730

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.4||HIGH

EPSS-0.10% / 27.39%

||

7 Day CHG~0.00%

Published-27 Aug, 2025 | 13:57

Updated-26 Feb, 2026 | 17:48

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.

Vendor-Dell Inc.

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2019-3735

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7||HIGH

EPSS-0.03% / 10.46%

||

7 Day CHG~0.00%

Published-20 Jun, 2019 | 21:43

Updated-17 Sep, 2024 | 00:12

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs Dell SupportAssist for Home PCs Dell SupportAssist for Business PCs

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-28961

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.07% / 22.75%

||

7 Day CHG~0.00%

Published-29 Apr, 2024 | 08:25

Updated-03 Feb, 2025 | 20:52

Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity.

Vendor-Dell Inc.

Product-openmanage_enterprise Dell OpenManage Enterprise openmanage_enterprise

CWE ID-CWE-256

Plaintext Storage of a Password

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2021-21567

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.55%

||

7 Day CHG~0.00%

Published-10 Aug, 2021 | 19:05

Updated-16 Sep, 2024 | 22:56

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-25960

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 12.49%

||

7 Day CHG~0.00%

Published-28 Mar, 2024 | 18:13

Updated-09 Jan, 2025 | 16:24

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-319

Cleartext Transmission of Sensitive Information

CVE-2021-21535

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.4||HIGH

EPSS-0.03% / 10.56%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 17:40

Updated-16 Sep, 2024 | 23:35

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Vendor-Dell Inc.

Product-hybrid_client Dell Hybrid Client (DHC)

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2026-40636

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-9.8||CRITICAL

EPSS-0.08% / 23.71%

||

7 Day CHG+0.03%

Published-11 May, 2026 | 08:57

Updated-12 May, 2026 | 17:19

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.

Vendor-Dell Inc.

Product-objectscale elastic_cloud_storage ECS ObjectScale

CWE ID-CWE-798

Use of Hard-coded Credentials

CVE-2021-21601

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.04% / 11.86%

||

7 Day CHG~0.00%

Published-10 Aug, 2021 | 19:05

Updated-17 Sep, 2024 | 03:02

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Vendor-Dell Inc.

Product-emc_integrated_data_protection_appliance emc_data_protection_search Data Protection Search

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2026-40715

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.01% / 2.33%

||

7 Day CHG~0.00%

Published-02 Jun, 2026 | 16:14

Updated-04 Jun, 2026 | 17:29

Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation.

Vendor-Dell Inc.

Product-thinos ThinOS 10

CWE ID-CWE-284

Improper Access Control

CVE-2021-21546

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 13.42%

||

7 Day CHG~0.00%

Published-29 Jul, 2021 | 15:55

Updated-16 Sep, 2024 | 23:56

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

Vendor-Dell Inc.

Product-emc_networker NetWorker

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2024-25958

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 10.75%

||

7 Day CHG~0.00%

Published-26 Mar, 2024 | 15:18

Updated-28 Jan, 2025 | 18:55

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption.

Vendor-Dell Inc.

Product-grab Grab for Windows grab_for_windows

CWE ID-CWE-276

Incorrect Default Permissions

CVE-2021-21551

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-74.52% / 98.87%

||

7 Day CHG~0.00%

Published-04 May, 2021 | 15:15

Updated-28 Oct, 2025 | 14:05

Known KEV||Action Due Date - 2022-04-21||Apply updates per vendor instructions.

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Vendor-Dell Inc.

Product-xps_13_9370 latitude_7210_2_in_1 wyse_5470 inspiron_7391_2-in-1 precision_7540 latitude_5280_mobile_thin_client optiplex_7460_all-in-one vostro_5300 inspiron_3493 inspiron_7386 latitude_5310 latitude_3301 precision_3541 vostro_14_5468 xps_9530 precision_3530 inspiron_5348 optiplex_5260_all-in-one inspiron_3847 inspiron_7786 vostro_3480 inspiron_3647 inspiron_5770 inspiron_5480 latitude_e7270_mobile_thin_client wyse_5070 vostro_3501 inspiron_14-5459 inspiron_5300 optiplex_7450_all-in-one latitude_12_rugged_tablet_7212 vostro_5880 inspiron_3442 optiplex_3080 precision_t1700 latitude_rugged_5424 vostro_5391 latitude_e6430_atg latitude_3300 optiplex_3090_ultra latitude_5401 latitude_7400_2in1 vostro_3580 chengming_3991 latitude_5420 inspiron_14-3452 latitude_5500 precision_t3610 latitude_5410 inspiron_one_2020 vostro_1450 latitude_5300 inspiron_3168 vostro_14_5471 inspiron_660 vostro_3591 latitude_5280 optiplex_390 precision_7530 inspiron_17_5767 optiplex_5050 inspiron_3580 inspiron_7586 latitude_5590 latitude_3550 latitude_3390 optiplex_5040 precision_3930_rack g7_7500 cheng_ming_3967 inspiron_7490 latitude_7285 latitude_e7270 latitude_e7450 optiplex_5480_aio precision_5820_tower inspiron_17-5759 precision_7740 latitude_e6440 inspiron_1545 latitude_7389 vostro_3900 inspiron_3671 latitude_3560 inspiron_5402 latitude_e7440 alienware_m17xr4 vostro_3491 vostro_5502 latitude_3490 inspiron_5494 vostro_3668 latitude_5288 inspiron_5323 inspiron_3881 inspiron_3490 optiplex_3050_aio inspiron_15z precision_m6600 canvas_27 vostro_7500 latitude_e6330 chengming_3988 g7_7590 inspiron_5521 latitude_14_rugged_5414 optiplex_5250_all-in-one optiplex_7480_aio vostro_5490 vostro_5090 latitude_3480 inspiron_5485_2-in-1 vostro_20_3055 inspiron_7737 latitude_7420 vostro_3471 precision_7920_tower inspiron_5408 latitude_3570 xps_8940 inspiron_3581 precision_5540 latitude_e5570 vostro_3660 xps_15_9500 latitude_12_rugged_extreme_7214 vostro_5491 latitude_5520 vostro_3890 precision_m4700 xps_13_9300 inspiron_3043 xps_9550 vostro_5410 g5_5500 inspiron_15_5566 inspiron_14_7460 inspiron_7300 gaming_g3_3590 latitude_3120 inspiron_5400_2-in-1 precision_t7500 alienware_asm100 precision_7710 vostro_3401 inspiron_7520 alienware_17_51m_r2 inspiron_3481 vostro_3681 precision_3620_tower inspiron_1210 thunderbolt_dock_tb18dc latitude_xt3 latitude_5550 precision_7550 alienware_m14xr2 inspiron_2330 latitude_14_rugged_extreme_7404 thunderbolt_dock_tb16 latitude_5289 inspiron_5576 xps_15_9575_2-in-1 vostro_5480 inspiron_3157 inspiron_3471 g5_5000 inspiron_5590 latitude_3189 inspiron_11-3162 alienware_m15_r4 inspiron_3268 inspiron_15_5567 inspiron_5443 latitude_14_rugged_extreme_7414 xps_13_9310 xps_13_9365_2-in-1 g5_5090 latitude_e5540 optiplex_5060 inspiron_3880 optiplex_xe2 inspiron_7501 latitude_5290 latitude_3400 precision_3430_xl inspiron_7591_2-in-1 precision_m4600 xps_one_2710 inspiron_5520 inspiron_3593 optiplex_3070 latitude_e5440 vostro_3500 optiplex_3240_all-in-one latitude_5175 vostro_3470 vostro_5481 inspiron_3543 latitude_e6320 xps_13_9343 inspiron_7472 precision_17_m5750 inspiron_14_gaming_7466 latitude_3190_2-in-1 latitude_e7250 vostro_3888 inspiron_15_7572 inspiron_7500_2-in-1_black vostro_230 inspiron_7359 inspiron_3668 precision_t5610 vostro_5501 latitude_e5430 precision_3550 wyse_7040_thin_client latitude_7290 optiplex_7071 vostro_3400 chengming_3977 inspiron_5570 optiplex_9010 vostro_3901 inspiron_3790 inspiron_7368 vostro_5581 inspiron_13_5370 latitude_3480_mobile_thin_client latitude_7390 inspiron_7537 optiplex_9030_aio inspiron_5491_2-in-1 inspiron_7300_2-in-1 vostro_3252 vostro_5390 latitude_rugged_extreme_7424 g15_5510 inspiron_1564 optiplex_5055_a-serial precision_3431_tower precision_t7810 vostro_3010 vostro_3267 latitude_e5420 inspiron_5676 inspiron_7558 latitude_rugged_extreme_tablet_7220 latitude_3190 xps_17_9700 inspiron_5584 optiplex_7760_aio latitude_e6540 inspiron_7500 optiplex_3046 xps_7590 dock_wd19 precision_3520 optiplex_7040 precision_5510 inspiron_7706_2-in-1 latitude_5300_2-in-1 precision_3440 vostro_3583 inspiron_5598 precision_t5600 optiplex_xe3 inspiron_7791 optiplex_fx130 precision_t5500 xps_13_9360 inspiron_5548 latitude_5285 inspiron_5749 vostro_13_5370 precision_t3600 latitude_5511 vostro_15_3561 g3_3500 precision_3630_tower vostro_5401 alienware_14 latitude_5285_2-in-1 latitude_5480 precision_3640 vostro_2521 inspiron_660s latitude_7310 inspiron_5498 latitude_5400 inspiron_7580 g5_5587 inspiron_one_19 precision_5530 latitude_7490 optiplex_7770_aio inspiron_5481_2-in-1 inspiron_5482 latitude_3410 optiplex_9020 xps_9350 vostro_3800 inspiron_5591_2-in-1 latitude_e5270 g3_3579 latitude_e6230 inspiron_3781 inspiron_20-3052 precision_7820_tower vostro_15_7570 vostro_20_3052 inspiron_5583 optiplex_7050 precision_t7610 latitude_3460_wyse_tc latitude_5250 inspiron_7548 vostro_3581 latitude_9510 latitude_rugged_5420 optiplex_7090_ultra latitude_3590 inspiron_3252 precision_r5500 inspiron_7591 precision_3420_tower g7_7790 embedded_box_pc_5000 vostro_5591 vostro_5590 optiplex_5055_ryzen_cpu inspiron_15_gaming_7577 inspiron_7790 vostro_3481 inspiron_24-3452 precision_7720 inspiron_24-3455 inspiron_3646 inspiron_3670 inspiron_15_gaming_7567 optiplex_7070_ultra precision_7510 inspiron_3780 xps_15_9570 vostro_3690 inspiron_14_5468 optiplex_5055_ryzen_apu latitude_e7470 latitude_3150 alienware_m18xr2 precision_3240_cff inspiron_3584 optiplex_7080 vostro_270 precision_t5810 xps_15_9560 optiplex_5055 vostro_3584 inspiron_1122 inspiron_7306_2-in-1 dock_wd15 inspiron_7391 optiplex_7020 inspiron_5490_aio vostro_3905 inspiron_5409 inspiron_15-5559 optiplex_5080 inspiron_5401 precision_5520 precision_m6700 inspiron_3520 latitude_5490 precision_3510 precision_5530_2-in-1 xps_8900 xps_13_9310_2-in-1 precision_t7910 latitude_3500 vostro_3490 precision_7520 optiplex_3020 precision_3560 inspiron_5423 optiplex_3030_aio vostro_1550 vostro_3671 xps_12_9250 inspiron_7590_2-in-1 inspiron_7746 latitude_12_7285 inspiron_5448 vostro_15_5568 latitude_e5470 optiplex_790 precision_3540 latitude_7275 optiplex_7010 latitude_3580 precision_t3500 inspiron_15_gaming_7566 optiplex_990 precision_3430_tower chengming_3980 latitude_rugged_7424 vostro_220s latitude_3470 vostro_5301 latitude_5310_2-in-1 vostro_3070 inspiron_5501 latitude_5200 xps_13_7390_2-in-1 xps_27_7760 latitude_3310_2-in-1 inspiron_5491_aio latitude_7480 inspiron_5400_aio inspiron_5493 inspiron_7437 optiplex_fx170 alienware_asm100r2 latitude_7410 xps_13_9380 inspiron_15-3552 inspiron_3443 inspiron_5509 latitude_5320 precision_5820_xl_tower optiplex_3040 inspiron_3470 latitude_7520 inspiron_5406_2-in-1 optiplex latitude_3380 g7_7700 inspiron_3793 inspiron_5301 inspiron_3891 vostro_3902 inspiron_15-5565 vostro_3900g inspiron_3437 inspiron_5490 inspiron_3583 latitude_9410 latitude_3340 optiplex_7070 inspiron_3542 inspiron_620 inspiron_5391 latitude_e6220 chengming_3990 vostro_15_7580 latitude_3350 precision_5550 inspiron_3421 vostro_3560 inspiron_7380 latitude_5290_2-in-1 latitude_7400 precision_7730 vostro_5890 g3_3779 latitude_7350 inspiron_3048 inspiron_3655 inspiron_3501 inspiron_5537 latitude_3180 latitude_7200_2-in-1 vostro_3669 vostro_3670 vostro_3881 inspiron_3480 latitude_e5530 wyse_5470_all-in-one inspiron_5577 precision_7820_xl_tower inspiron_580s optiplex_7060 latitude_3450 alienware_area_51 latitude_5495 latitude_5488 inspiron_15_7560 inspiron_3521 optiplex_7440_aio inspiron_5390 inspiron_3537 inspiron_5594 vostro_14-5459 inspiron_7506_2-in-1 latitude_3160 inspiron_3656 optiplex_3050 latitude_5501 inspiron_5508 latitude_5580 vostro_260 xps_13_9305 inspiron_7590 xps_13_7390 optiplex_3280_aio inspiron_24-5475 latitude_7370 precision_7920_xl_tower optiplex_5070 optiplex_5270_aio latitude_5450 latitude_5179 optiplex_3011_aio latitude_5510 inspiron_7559 latitude_7390_2-in-1 optiplex_3010 precision_7750 vostro_7590 precision_5720_aio vostro_14_3458 inspiron_14_gaming_7467 latitude_7280 latitude_e6530 vostro_3667 optiplex_3060 inspiron_7720 latitude_3510 vostro_270s inspiron_3147 g5_5590 latitude_3460 inspiron_3590 g7_7588 latitude_3310 latitude_rugged_extreme_tablet_7220ex latitude_7380 vostro_14-3446 vostro_3590 inspiron_5737 inspiron_5580 inspiron_5593 latitude_5411 precision_3930_xl_rack latitude_3330 latitude_e7240 latitude_3440 optiplex_780 inspiron_5543 chengming_3967 inspiron_7700 optiplex_7780_aio vostro_3268 inspiron_7500_2-in-1_silver inspiron_7390 latitude_5491 inspiron_15_5582_2-in-1 vostro_470 vostro_5402 inspiron_7400 latitude_7300 latitude_5591 precision_3551 xps_8700 latitude_7320 precision_t7600 latitude_e7270_wyse_tc dbutil inspiron_5502 latitude_e6430 dbutil dbutil Driver

CWE ID-CWE-782

Exposed IOCTL with Insufficient Access Control

CVE-2021-21531

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.1||HIGH

EPSS-0.14% / 34.79%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 21:10

Updated-17 Sep, 2024 | 03:48

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance unisphere_for_powermax solutions_enabler_virtual_appliance powermax_os solutions_enabler Unisphere for PowerMax

CWE ID-CWE-602

Client-Side Enforcement of Server-Side Security

CWE ID-CWE-669

Incorrect Resource Transfer Between Spheres

CVE-2021-21561

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.34%

||

7 Day CHG~0.00%

Published-23 Nov, 2021 | 20:00

Updated-16 Sep, 2024 | 19:20

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-21518

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.40%

||

7 Day CHG~0.00%

Published-12 Mar, 2021 | 20:10

Updated-16 Sep, 2024 | 19:31

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs supportassist_client_promanage Dell SupportAssist Client

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2024-22449

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.6||MEDIUM

EPSS-0.03% / 9.65%

||

7 Day CHG~0.00%

Published-01 Feb, 2024 | 09:48

Updated-17 Jun, 2025 | 14:45

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2024-22452

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.08% / 23.51%

||

7 Day CHG~0.00%

Published-04 Mar, 2024 | 13:08

Updated-31 Jan, 2025 | 15:58

Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation.

Vendor-Dell Inc.

Product-display_and_peripheral_manager Dell Display and Peripheral Manager display_manager

CWE ID-CWE-264

Not Available

CVE-2024-37129

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Affected

Affected

Affected

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs