ByteOS Network

Type	CWE ID	Description
CWE	CWE-269	CWE-269: Improper Privilege Management

Version	Base score	Base severity	Vector
3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities	vendor-advisory

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities	vendor-advisory x_transferred

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-269	Secondary	security_alert@emc.com

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities	security_alert@emc.com	Vendor Advisory

CVE-2024-39579

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.18%

||

7 Day CHG~0.00%

Published-31 Aug, 2024 | 07:40

Updated-03 Sep, 2024 | 20:57

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-266

Incorrect Privilege Assignment

CVE-2024-39580

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.30%

||

7 Day CHG~0.00%

Published-10 Sep, 2024 | 08:54

Updated-16 Sep, 2024 | 15:40

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor-Dell Inc.

Product-insightiq PowerScale InsightIQ powerscale_insightiq

CWE ID-CWE-284

Improper Access Control

CVE-2019-18577

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.10% / 28.94%

||

7 Day CHG~0.00%

Published-13 Mar, 2020 | 20:30

Updated-16 Sep, 2024 | 18:48

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.

Vendor-Dell Inc.

Product-xtremio_management_server XtremIO

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2019-18576

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.12% / 31.48%

||

7 Day CHG~0.00%

Published-13 Mar, 2020 | 20:30

Updated-16 Sep, 2024 | 17:58

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.

Vendor-Dell Inc.

Product-xtremio_management_server XtremIO

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2024-38483

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.8||MEDIUM

EPSS-0.03% / 5.14%

||

7 Day CHG~0.00%

Published-14 Aug, 2024 | 09:24

Updated-18 Sep, 2024 | 19:19

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-38296

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 5.75%

||

7 Day CHG~0.00%

Published-22 Nov, 2024 | 02:58

Updated-04 Feb, 2025 | 16:05

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Vendor-Dell Inc.

Product-edge_gateway_5200 intel_management_engine_firmware_update_utility edge_gateway_3200 Edge Gateway 5200 edge_gateway_5200_firmware

CWE ID-CWE-1421

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution

CVE-2024-37134

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 17.69%

||

7 Day CHG~0.00%

Published-02 Jul, 2024 | 07:24

Updated-02 Aug, 2024 | 03:50

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-266

Incorrect Privilege Assignment

CVE-2022-34409

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.41%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:26

Updated-26 Feb, 2025 | 18:57

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2024-0158

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.04% / 13.13%

||

7 Day CHG~0.00%

Published-02 Jul, 2024 | 06:20

Updated-01 Aug, 2024 | 17:41

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36342

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.88%

||

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-16 Sep, 2024 | 18:34

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36343

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.88%

||

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-16 Sep, 2024 | 16:44

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36323

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.88%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-17 Sep, 2024 | 02:02

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-25967

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.08% / 23.34%

||

7 Day CHG~0.00%

Published-14 May, 2024 | 06:44

Updated-09 Jan, 2025 | 15:51

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-250

Execution with Unnecessary Privileges

CVE-2025-30098

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 13.66%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 14:42

Updated-12 Aug, 2025 | 03:55

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Vendor-Dell Inc.

Product-PowerProtect Data Domain LTS 2023 PowerProtect Data Domain Feature Release PowerProtect Data Domain LTS2024

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2018-1185

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-1.52% / 80.49%

||

7 Day CHG~0.00%

Published-03 Feb, 2018 | 01:00

Updated-05 Aug, 2024 | 03:51

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Vendor-n/a Dell Inc.

Product-emc_recoverpoint emc_recoverpoint_for_virtual_machines EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-48668

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.04% / 9.44%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:45

Updated-02 Aug, 2024 | 21:37

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.

Vendor-Dell Inc.

Product-powerprotect_data_domain_management_center PowerProtect DD

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-44278

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.08% / 24.21%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:17

Updated-02 Aug, 2024 | 19:59

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.

Vendor-Dell Inc.

Product-powerprotect_data_domain powerprotect_data_protection dd9400 dp5900 apex_protection_storage powerprotect_data_domain_management_center dd6400 emc_data_domain_os dd3300 dd9900 dd6900 dp4400 PowerProtect DD

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-44279

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.69%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:22

Updated-01 Oct, 2024 | 14:44

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker

Vendor-Dell Inc.

Product-powerprotect_data_domain powerprotect_data_protection dd9400 dp5900 apex_protection_storage powerprotect_data_domain_management_center emc_data_domain_os dd6400 dd3300 dd9900 dd6900 dp4400 PowerProtect DD powerprotect_data_domain

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21590

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.12% / 31.26%

||

7 Day CHG~0.00%

Published-12 Jul, 2021 | 15:40

Updated-16 Sep, 2024 | 20:57

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Vendor-Dell Inc.

Product-emc_unity_operating_environment emc_unityvsa_operating_environment emc_unity_xt_operating_environment Unity

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2021-21555

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.15% / 36.32%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-16 Sep, 2024 | 22:29

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21527

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.05% / 16.77%

||

7 Day CHG~0.00%

Published-06 May, 2021 | 12:40

Updated-16 Sep, 2024 | 18:28

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21526

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.03% / 5.96%

||

7 Day CHG~0.00%

Published-20 Apr, 2021 | 16:45

Updated-17 Sep, 2024 | 00:06

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21556

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.05% / 14.69%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-17 Sep, 2024 | 01:40

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21547

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.02% / 3.68%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 21:10

Updated-16 Sep, 2024 | 18:34

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Vendor-Dell Inc.

Product-unity_operating_environment unityvsa_operating_environment unity_xt_operating_environment Unity

CWE ID-CWE-312

Cleartext Storage of Sensitive Information

CVE-2021-21554

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.05% / 14.69%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-16 Sep, 2024 | 16:42

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21550

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.05% / 16.77%

||

7 Day CHG~0.00%

Published-06 May, 2021 | 12:40

Updated-16 Sep, 2024 | 20:01

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-39251

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 8.29%

||

7 Day CHG~0.00%

Published-22 Dec, 2023 | 17:55

Updated-02 Aug, 2024 | 18:02

Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

CWE ID-CWE-20

Improper Input Validation

CVE-2016-8216

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.39% / 58.87%

||

7 Day CHG~0.00%

Published-03 Feb, 2017 | 07:24

Updated-20 Apr, 2025 | 01:37

EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Vendor-n/a Dell Inc.

Product-emc_data_domain_os EMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10

CVE-2023-32469

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.22%

||

7 Day CHG~0.00%

Published-16 Nov, 2023 | 08:14

Updated-02 Aug, 2024 | 15:18

Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.

Vendor-Dell Inc.

Product-precision_5820_firmware precision_7820 precision_7920_firmware precision_7820_firmware precision_7920 precision_5820 Dell Precision 5820 Tower, Dell Precision 7820 Tower, Dell Precision 7920 Tower

CWE ID-CWE-20

Improper Input Validation

CVE-2023-32494

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 6.87%

||

7 Day CHG~0.00%

Published-16 Aug, 2023 | 12:56

Updated-08 Oct, 2024 | 19:13

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-274

Improper Handling of Insufficient Privileges

CVE-2023-32461

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5||MEDIUM

EPSS-0.07% / 20.52%

||

7 Day CHG~0.00%

Published-15 Sep, 2023 | 06:56

Updated-25 Sep, 2024 | 14:12

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.

Vendor-Dell Inc.

CWE ID-CWE-122

Heap-based Buffer Overflow

CVE-2023-32489

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.52%

||

7 Day CHG~0.00%

Published-16 Aug, 2023 | 13:36

Updated-08 Oct, 2024 | 19:06

Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-280

Improper Handling of Insufficient Permissions or Privileges

CVE-2020-29489

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.02% / 3.47%

||

7 Day CHG~0.00%

Published-05 Jan, 2021 | 21:40

Updated-16 Sep, 2024 | 22:40

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

Vendor-Dell Inc.

Product-emc_unity_vsa_operating_environment emc_unity_operating_environment emc_unity_xt_operating_environment Unity

CWE ID-CWE-276

Incorrect Default Permissions

CWE ID-CWE-312

Cleartext Storage of Sensitive Information

CVE-2022-34421

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.41%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:57

Updated-26 Feb, 2025 | 15:27

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34418

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.41%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:52

Updated-26 Feb, 2025 | 15:31

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34414

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.41%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:37

Updated-26 Feb, 2025 | 15:48

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2024-37132

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 12.15%

||

7 Day CHG~0.00%

Published-02 Jul, 2024 | 07:14

Updated-02 Aug, 2024 | 03:50

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS powerscale_onefs

CWE ID-CWE-266

Incorrect Privilege Assignment

CVE-2022-34415

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.41%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:44

Updated-26 Feb, 2025 | 15:35

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-34413

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.41%

||

7 Day CHG~0.00%

Published-16 Mar, 2023 | 11:35

Updated-26 Feb, 2025 | 15:56

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Vendor-Dell Inc.

Product-r750xa_firmware t430_firmware r6515_firmware t350_firmware fc430_firmware m630_firmware t550_firmware r430 nx3330 r750xa c6420 r6515 fc430 r530_firmware r930_firmware r450 r650_firmware r6415 t130_firmware c6520_firmware t440 xe7420 m630 r640_firmware r740 r550_firmware c4130_firmware r830 r940xa r7515_firmware t340_firmware r240_firmware r630_firmware nx3230 fc640_firmware m830p r250 fc630_firmware r940xa_firmware xe2420_firmware nx3340 t640_firmware r940_firmware xe7440 r230_firmware m830_firmware c4140_firmware c6320_firmware xr12_firmware m640p r750 fc630 r730xd_firmware r7415 r550 r6415_firmware r340 xe8545 r650 nx430_firmware fc640 r630 c4130 r740xd2_firmware r7425_firmware r240 c6420_firmware t330_firmware mx740c r7425 r330_firmware c6525 t140 r750xs_firmware r330 nx430 r640 nx440_firmware mx840c m630p nx3340_firmware r750xs t630 m640 c6320 r430_firmware r650xs r350 t150_firmware r750_firmware t150 r6525 mx840c_firmware r740_firmware r450_firmware nx3240_firmware c4140 t630_firmware t340 t130 t430 r440_firmware r530 dss8440_firmware mx740c_firmware r250_firmware r940 r340_firmware r7415_firmware r840 r730 nx3240 m830 m640p_firmware xe8545_firmware r440 r740xd2 r7525_firmware r6525_firmware r730xd r540 r230 mx750c_firmware r840_firmware r740xd_firmware r7525 xe2420 xr11_firmware dss8440 xr11 m630p_firmware fc830 r350_firmware t550 xr12 nx3330_firmware mx750c nx440 t640 r830_firmware r540_firmware m830p_firmware t350 fc830_firmware t140_firmware xe7440_firmware r730_firmware xr2 m640_firmware r740xd r7515 t330 c6525_firmware xe7420_firmware r650xs_firmware t440_firmware xr2_firmware r930 nx3230_firmware c6520 PowerEdge Platform

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2022-31239

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.13% / 32.89%

||

7 Day CHG~0.00%

Published-21 Oct, 2022 | 18:05

Updated-07 May, 2025 | 15:53

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2023-28033

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:37

Updated-08 Nov, 2024 | 15:14

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28035

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:34

Updated-08 Nov, 2024 | 16:32

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28026

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 10:23

Updated-04 Dec, 2024 | 14:43

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28032

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:59

Updated-08 Nov, 2024 | 14:08

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28059

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:16

Updated-08 Nov, 2024 | 15:14

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28058

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 10:30

Updated-07 Nov, 2024 | 21:07

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28034

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 10:08

Updated-07 Nov, 2024 | 21:47

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28039

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:51

Updated-08 Nov, 2024 | 14:07

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28061

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:19

Updated-08 Nov, 2024 | 16:51

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-28036

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.04%

||

7 Day CHG~0.00%

Published-23 Jun, 2023 | 10:01

Updated-08 Nov, 2024 | 14:08

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-37133

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs