Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-37134

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-02 Jul, 2024 | 07:24
Updated At-02 Aug, 2024 | 03:50
Rejected At-
Credits

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:02 Jul, 2024 | 07:24
Updated At:02 Aug, 2024 | 03:50
Rejected At:
▼CVE Numbering Authority (CNA)

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerScale OneFS
Default Status
unaffected
Versions
Affected
  • From 8.2.2.x through 9.5.0.8 (semver)
  • From 8.2.2.x through 9.7.0.0 (semver)
  • From 9.7.0.1 through 9.7.0.2 (semver)
  • 9.7.0.3
  • 9.8.0.0
Problem Types
TypeCWE IDDescription
CWECWE-266CWE-266: Incorrect Privilege Assignment
Type: CWE
CWE ID: CWE-266
Description: CWE-266: Incorrect Privilege Assignment
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Dell Inc.dell
Product
powerscale_onefs
CPEs
  • cpe:2.3:a:dell:powerscale_onefs:8.2.2:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 8.2.2 through 9.8.0.0 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
vendor-advisory
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:02 Jul, 2024 | 08:15
Updated At:03 Jul, 2024 | 18:01

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Dell Inc.
dell
>>powerscale_onefs>>Versions from 8.2.2(inclusive) to 9.5.1.0(exclusive)
cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>powerscale_onefs>>Versions from 9.6.0(inclusive) to 9.7.1.0(exclusive)
cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>powerscale_onefs>>9.8.0.0
cpe:2.3:a:dell:powerscale_onefs:9.8.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-266Secondarysecurity_alert@emc.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-266
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilitiessecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

141Records found
CVE-2021-36293
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.13% / 33.38%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-269
Improper Privilege Management
CVE-2016-8216
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.39% / 58.90%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 07:24
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_data_domain_osEMC Data Domain DD OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10
CVE-2023-25937
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 3.05%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 09:40
Updated-08 Nov, 2024 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_24_5410_all-in-onelatitude_5401vostro_5391_firmwareoptiplex_7770_all-in-onexps_15_9510_firmwareinspiron_3470inspiron_7300_firmwarelatitude_3520inspiron_13_5330precision_3561_firmwarevostro_3669xps_17_9710_firmwareoptiplex_tower_plus_7010_firmwareprecision_7770_firmwareprecision_7560inspiron_5590_firmwareg7_17_7790_firmwarelatitude_7380_firmwarevostro_3888xps_13_9315inspiron_5570inspiron_7490vostro_3888_firmwarelatitude_14_rugged_5414precision_7540wyse_7040_thin_clientinspiron_15_3511_firmwarewyse_5070latitude_9420inspiron_5490_firmwareprecision_5470_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080inspiron_5502latitude_5511inspiron_5620_firmwareinspiron_7501latitude_7390_2-in-1inspiron_7300_2-in-1chengming_3911_firmwareprecision_5530_2-in-1precision_5550xps_17_9700inspiron_16_7630_2-in-1alienware_x14_firmwareinspiron_3583precision_7720alienware_m17_r3_firmwarelatitude_5300vostro_3400alienware_x14g3_3500precision_5530_firmwareoptiplex_5050alienware_aurora_r11g5_15_5500_firmwarelatitude_7300inspiron_7710optiplex_7090precision_3620_towerg7_17_7700_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_5490_aio_firmwareinspiron_7000latitude_3420inspiron_3782latitude_3590_firmwarelatitude_7490_firmwarevostro_3020_talienware_m15_r2vostro_5491_firmwareprecision_5520latitude_5310_2-in-1_firmwareprecision_3570inspiron_7490_firmwareinspiron_5409xps_8950precision_5720_aiolatitude_7400latitude_5591optiplex_5270_all-in-one_firmwarexps_13_9320xps_8960_firmwarexps_13_9320_firmwareinspiron_3471inspiron_3511_firmwarelatitude_5531_firmwareoptiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwareinspiron_14_5410optiplex_7460_all-in-oneprecision_3570_firmwareoptiplex_5070latitude_3400precision_5770_firmwareinspiron_14_7430_2-in-1latitude_3420_firmwareg5_5000alienware_aurora_r15xps_15_9575_2-in-1inspiron_5491_2-in-1_firmwareoptiplex_3090_firmwareg15_5520_firmwarelatitude_3530vostro_3581_firmwareinspiron_7506_2-in-1_firmwarelatitude_7320_detachable_firmwarevostro_3581latitude_9410optiplex_7070vostro_3020_sffoptiplex_7080_firmwarevostro_16_5630latitude_5420_rugged_firmwareinspiron_3521inspiron_5491_aio_firmwarealienware_m16latitude_5310latitude_5530vostro_5391latitude_3301inspiron_5594latitude_5420_ruggedoptiplex_7090_ultra_firmwareoptiplex_7000_oemvostro_3268_firmwareinspiron_7000_firmwareg16_7620alienware_x15_r1precision_3450chengming_3900inspiron_5420latitude_7390_2-in-1_firmwareinspiron_5400latitude_7330_firmwarelatitude_7480_firmwarexps_15_9520_firmwarevostro_5591vostro_5090precision_5560latitude_3190inspiron_3510_firmwareinspiron_3020soptiplex_5400latitude_7430_firmwarelatitude_3330_firmwareinspiron_3881_firmwarelatitude_5488latitude_5521inspiron_3020_firmwarelatitude_7380optiplex_5480_all-in-one_firmwareprecision_3540alienware_aurora_r11_firmwarealienware_x17_r2_firmwareinspiron_3910inspiron_7510_firmwareprecision_5570_firmwareinspiron_3580_firmwareinspiron_3781_firmwareinspiron_7500_2-in-1_black_firmwarewyse_5070_firmwarevostro_3670_firmwareinspiron_3510inspiron_3280_firmwarelatitude_3310latitude_7414_rugged_extreme_firmwarelatitude_5290_2-in-1precision_7520wyse_5470_all-in-one_firmwareprecision_7820_toweroptiplex_3090latitude_7290vostro_5410vostro_7620_firmwarelatitude_7212_rugged_extreme_tablet_firmwarealienware_area_51m_r1inspiron_16_7620_2-in-1inspiron_5402latitude_13_3380_firmwarelatitude_5430_firmwareinspiron_3582latitude_7230_rugged_extreme_tabletlatitude_7285_2-in-1_firmwarelatitude_7480precision_7540_firmwarevostro_3401_firmwareinspiron_7391_firmwarevostro_3881vostro_5401wyse_5470_firmwareinspiron_5593latitude_5420_firmwareprecision_3561optiplex_5000inspiron_5770alienware_m17_r2_firmwarelatitude_3580vostro_5300precision_5820_tower_firmwareinspiron_3493_firmwarelatitude_3190_2-in-1_firmwarevostro_5301xps_15_9510inspiron_16_plus_7620inspiron_5481_2-in-1inspiron_3590latitude_7210_2-in-1optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarealienware_m15_r7_firmwarealienware_m15_r6_firmwareoptiplex_5270_all-in-oneoptiplex_xe3vostro_3584optiplex_7000_firmwarelatitude_3301_firmwarevostro_3481_firmwareinspiron_3502latitude_5491latitude_3140_firmwarelatitude_9520_firmwareprecision_5560_firmwarelatitude_5330vostro_3690_firmwarealienware_aurora_r12latitude_5520_firmwareoptiplex_5090inspiron_24_5410_all-in-one_firmwareoptiplex_5480_all-in-oneinspiron_5591_2-in-1_firmwarealienware_aurora_r15_firmwarelatitude_7280latitude_5400alienware_aurora_r13_firmwarelatitude_5410precision_7865_towerprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwareprecision_3551latitude_5401_firmwarealienware_m17_r3vostro_5491precision_5820_towerinspiron_3520precision_7730precision_3640_tower_firmwareinspiron_7610vostro_5301_firmwareg7_17_7790vostro_5890inspiron_5400_2-in-1optiplex_7770_all-in-one_firmwarelatitude_5400_firmwareinspiron_7610_firmwareinspiron_5400_2-in-1_firmwareg7_15_7590inspiron_7391alienware_m17_r4latitude_9330_firmwareinspiron_7700_all-in-onevostro_3671_firmwareprecision_3440latitude_rugged_7220ex_firmwareprecision_7510_firmwarevostro_5402optiplex_7090_ultrag5_5000_firmwareoptiplex_7470_all-in-oneoptiplex_5250_firmwarealienware_m15_r3_firmwareinspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwareinspiron_3781vostro_3690g16_7620_firmwareinspiron_5300_firmwareprecision_3460_small_form_factor_firmwareoptiplex_7000_oem_firmwarelatitude_7530optiplex_3050_firmwareoptiplex_7490_all-in-onevostro_7500alienware_m15_r7inspiron_7590_firmwareinspiron_7791_firmwareprecision_7740_firmwarelatitude_7285_2-in-1alienware_m15_r2_firmwarelatitude_7389vostro_3681precision_7920_towerinspiron_5570_firmwarelatitude_7400_2-in-1_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530inspiron_3582_firmwarelatitude_5411_firmwarelatitude_3510_firmwareinspiron_3470_firmwareinspiron_3593optiplex_7070_ultrainspiron_15_5518_firmwareprecision_7740optiplex_tower_plus_7010inspiron_3481_firmwareprecision_5530latitude_7310_firmwareoptiplex_3000_thin_clientinspiron_7306_2-in-1latitude_7530_firmwareinspiron_3790_firmwareinspiron_3584_firmwareoptiplex_3050_all-in-onelatitude_9510optiplex_3280_all-in-onexps_13_7390_firmwarexps_13_9310_firmwareinspiron_3583_firmwareinspiron_5770_firmwareprecision_5760_firmwarelatitude_3180_firmwarevostro_3420_firmwarevostro_3681_firmwarevostro_3580_firmwareinspiron_3581_firmwarelatitude_9510_firmwarevostro_5890_firmwareinspiron_3910_firmwareinspiron_5406_2-in-1precision_7760_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwareinspiron_3511vostro_3668xps_13_9305_firmwareinspiron_5410optiplex_7760_all-in-onelatitude_7280_firmwarevostro_5502vostro_3670latitude_5280inspiron_7420_firmwareoptiplex_7780_all-in-oneinspiron_5490inspiron_3501_firmwareinspiron_27_7720_all-in-one_firmwarelatitude_5300_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5481_2-in-1_firmwarelatitude_5480_firmwareprecision_3930_rackprecision_7865_tower_firmwarexps_17_9720vostro_3490inspiron_5391g5_15_5590_firmwareinspiron_5598inspiron_3482inspiron_14_plus_7420latitude_5320_firmwareg7_15_7590_firmwareoptiplex_3080xps_13_9315_firmwarelatitude_3480inspiron_3782_firmwarexps_13_9300_firmwareprecision_5750alienware_m15_r4latitude_rugged_5430precision_5570vostro_3671inspiron_7591latitude_7310inspiron_14_5410_firmwareinspiron_7790inspiron_5420_firmwarelatitude_5421_firmwareinspiron_7500inspiron_7790_firmwareg15_5511inspiron_5620precision_5760vostro_3584_firmwarealienware_m16_firmwarelatitude_3390_2-in-1_firmwarechengming_3990_firmwareoptiplex_7480_all-in-oneprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwarelatitude_9430optiplex_7070_ultra_firmwarevostro_3400_firmwarevostro_5310_firmwareoptiplex_7060latitude_5290_firmwarelatitude_7424_rugged_extremeinspiron_7710_firmwareoptiplex_7480_all-in-one_firmwareg5_5090_firmwarelatitude_7390vostro_3500g3_15_3590precision_3240_compactxps_13_9315_2-in-1alienware_aurora_r12_firmwarelatitude_3520_firmwareinspiron_5490_aiolatitude_5285_2-in-1_firmwarechengming_3991_firmwareinspiron_16_7630_2-in-1_firmwareprecision_7510vostro_3401vostro_3480_firmwarevostro_7590_firmwareinspiron_14_5418inspiron_7400latitude_9430_firmwareprecision_3650_tower_firmwarelatitude_7389_firmwareoptiplex_7470_all-in-one_firmwarevostro_3510precision_3630_tower_firmwarexps_13_9310_2-in-1inspiron_3581inspiron_5400_firmwarelatitude_5424_ruggedlatitude_5488_firmwareoptiplex_7760_all-in-one_firmwareinspiron_7500_firmwareprecision_3541_firmwareinspiron_5591_2-in-1latitude_7330alienware_x15_r2inspiron_7506_2-in-1latitude_5330_firmwareprecision_3650_towervostro_3881_firmwarevostro_3490_firmwarelatitude_7200_2-in-1latitude_5511_firmwarelatitude_3430_firmwareinspiron_5493optiplex_7410_all-in-oneprecision_3550inspiron_3891_firmwareoptiplex_3090_ultra_firmwarexps_13_7390_2-in-1_firmwareoptiplex_5070_firmwarealienware_aurora_r13inspiron_5501latitude_3390_2-in-1latitude_3310_2-in-1vostro_5501_firmwareoptiplex_3090_ultralatitude_5490vostro_5620_firmwarealienware_m17_r2inspiron_3520_firmwarevostro_3070_firmwareprecision_5720_aio_firmwareinspiron_3020latitude_3190_2-in-1optiplex_7071vostro_3481optiplex_3000_firmwareinspiron_3891xps_13_9305vostro_5310latitude_9410_firmwarevostro_7590latitude_5280_firmwarelatitude_3180inspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwareinspiron_13_5330_firmwarelatitude_12_rugged_extreme_7214_firmwarelatitude_5300_2-in-1latitude_7424_rugged_extreme_firmwareoptiplex_7090_firmwareoptiplex_3070_firmwarevostro_3020_t_firmwareg15_5511_firmwarelatitude_7410_firmwarevostro_3667alienware_x15_r2_firmwareprecision_3660optiplex_5260_all-in-oneprecision_7720_firmwarelatitude_5310_2-in-1vostro_3910inspiron_5491_aioinspiron_3780inspiron_14_5418_firmwarelatitude_7230_rugged_extreme_tablet_firmwarelatitude_rugged_7330_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarelatitude_5430vostro_5090_firmwarexps_13_7390latitude_3530_firmwarelatitude_3400_firmwarevostro_3890latitude_3510chengming_3901_firmwareprecision_3560_firmwareinspiron_3502_firmwareprecision_3520vostro_5401_firmwareinspiron_3880_firmwareinspiron_5310_firmwareinspiron_5501_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareg7_15_7500optiplex_5080_firmwareinspiron_14_5430inspiron_5493_firmwarevostro_3471xps_17_9700_firmwareinspiron_3480_firmwareinspiron_5320alienware_m15_r3vostro_3520_firmwarelatitude_5530_firmwareprecision_5470optiplex_5060_firmwareinspiron_16_5630_firmwareoptiplex_3050_all-in-one_firmwarevostro_16_5630_firmwarevostro_3590optiplex_small_form_factor_plus_7010inspiron_15_5510vostro_5590_firmwareinspiron_16_plus_7620_firmwareprecision_7530_firmwarealienware_m17_r4_firmwarealienware_x17_r1inspiron_3790optiplex_7000chengming_3901vostro_3583_firmwarelatitude_3190_firmwareinspiron_5494optiplex_7460_all-in-one_firmwarexps_8960g3_3779_firmwarexps_13_9300xps_15_9500latitude_5500inspiron_5508_firmwarelatitude_3500_firmwarechengming_3900_firmwarechengming_3991latitude_5288_firmwareinspiron_7501_firmwareinspiron_7500_2-in-1_blackxps_8950_firmwareg15_5510_firmwarevostro_7510_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwarevostro_7510inspiron_7791latitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590vostro_3501vostro_5320_firmwareprecision_3450_firmwarechengming_3990precision_3460_small_form_factorinspiron_5301inspiron_7420vostro_3583alienware_x17_r2latitude_5491_firmwarevostro_5880_firmwarexps_17_9710inspiron_3493optiplex_7400precision_5750_firmwareoptiplex_small_form_factor_plus_7010_firmwareoptiplex_3060optiplex_5060latitude_5285_2-in-1optiplex_5000_firmwarechengming_3988_firmwareinspiron_3584latitude_5520latitude_3410_firmwarewyse_5470_all-in-oneinspiron_7510inspiron_7400_firmwareprecision_3530_firmwarelatitude_3320xps_13_9310_2-in-1_firmwarelatitude_5580_firmwarevostro_5320xps_13_9315_2-in-1_firmwarelatitude_3189xps_15_9575_2-in-1_firmwarevostro_3580latitude_13_3380inspiron_24_5421_all-in-one_firmwarelatitude_3430embedded_box_pc_5000inspiron_3020s_firmwarelatitude_3320_firmwareinspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579optiplex_5490_all-in-one_firmwareoptiplex_7080g15_5510inspiron_15_5518alienware_area_51m_r2_firmwarevostro_7500_firmwarealienware_m15_r4_firmwarexps_17_9730latitude_9330inspiron_16_7620_2-in-1_firmwarelatitude_5480inspiron_15_3511inspiron_5310vostro_5510_firmwarelatitude_14_rugged_5414_firmwarelatitude_5424_rugged_firmwarelatitude_rugged_7330chengming_3910_firmwarelatitude_7300_firmwarealienware_x15_r1_firmwarelatitude_5421inspiron_16_5630latitude_9420_firmwareinspiron_24_5420_all-in-onelatitude_5510optiplex_3000g7_17_7700inspiron_5401_aio_firmwareinspiron_24_5421_all-in-onevostro_5300_firmwarewyse_5470optiplex_5090_firmwarevostro_3501_firmwareinspiron_3593_firmwareoptiplex_7780_all-in-one_firmwarevostro_3710_firmwareinspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarealienware_x17_r1_firmwarelatitude_3310_2-in-1_firmwareg7_15_7500_firmwarelatitude_5320latitude_3330latitude_7410inspiron_3590_firmwarelatitude_5501_firmwareprecision_3571xps_13_7390_2-in-1optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411vostro_3020_sff_firmwarelatitude_12_rugged_extreme_7214precision_7760xps_17_9720_firmwareoptiplex_7450_firmwareinspiron_7306_2-in-1_firmwareoptiplex_7450vostro_3500_firmwareinspiron_3521_firmwarelatitude_7320_detachableg3_3579_firmwarelatitude_9520inspiron_5509latitude_3480_firmwarelatitude_3189_firmwarevostro_3520vostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_5498inspiron_7500_2-in-1_silver_firmwareinspiron_7591_firmwarelatitude_5290inspiron_5300inspiron_7706_2-in-1inspiron_5508latitude_5289_firmwareprecision_5550_firmwarechengming_3980_firmwareprecision_7670inspiron_5491_2-in-1inspiron_24_5420_all-in-one_firmwarelatitude_3120_firmwarelatitude_5590_firmwareinspiron_5590vostro_5490precision_7670_firmwareg15_5530inspiron_5301_firmwarevostro_3267g3_15_3590_firmwareinspiron_3671inspiron_5408_firmwareinspiron_5498_firmwareprecision_3571_firmwareprecision_5540vostro_5490_firmwarevostro_5620inspiron_3480latitude_3490optiplex_3000_thin_client_firmwareprecision_3930_rack_firmwarevostro_3710inspiron_3670latitude_5420inspiron_7300inspiron_3793_firmwareinspiron_5402_firmwareprecision_3430_tower_firmwareoptiplex_7400_firmwareprecision_7560_firmwarelatitude_3300_firmwarexps_15_9530_firmwarexps_17_9730_firmwarelatitude_7400_2-in-1precision_3640_towervostro_5510inspiron_3490precision_7770latitude_7210_2-in-1_firmwarelatitude_rugged_5430_firmwarexps_13_9310latitude_5510_firmwarevostro_3510_firmwareinspiron_3670_firmwareinspiron_5410_firmwarelatitude_7212_rugged_extreme_tabletinspiron_15_5510_firmwareinspiron_14_7430_2-in-1_firmwareinspiron_5408vostro_5410_firmwarevostro_5502_firmwareprecision_3540_firmwareinspiron_3482_firmwarexps_15_9530latitude_5289g3_3500_firmwarelatitude_7430precision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3080_firmwarelatitude_3410vostro_5402_firmwarelatitude_rugged_7220precision_3420_towerg5_15_5590inspiron_7700_all-in-one_firmwareinspiron_3881optiplex_7490_all-in-one_firmwarexps_13_9380latitude_5531latitude_7414_rugged_extremeprecision_3660_firmwareprecision_3420_tower_firmwarealienware_area_51m_r2chengming_3910vostro_3420inspiron_7500_2-in-1_silverlatitude_5490_firmwarelatitude_5591_firmwareinspiron_3501latitude_3140latitude_3500latitude_5310_firmwareoptiplex_5400_firmwarevostro_3070inspiron_3793inspiron_27_7720_all-in-oneprecision_3430_towerprecision_5520_firmwarealienware_m15_r6vostro_3890_firmwarechengming_3988xps_15_7590latitude_3300latitude_5580precision_3620_tower_firmwarevostro_5590precision_5540_firmwareinspiron_5401_firmwarevostro_5501xps_15_9520xps_8940_firmwareoptiplex_5490_all-in-onelatitude_3120latitude_rugged_7220_firmwareg15_5530_firmwareprecision_3560vostro_3480inspiron_5401_aiog5_15_5500optiplex_5260_all-in-one_firmwarelatitude_rugged_7220exinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareoptiplex_7410_all-in-one_firmwarevostro_3582_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_14_5430_firmwareinspiron_5598_firmwarevostro_3470optiplex_3070inspiron_3280vostro_3910_firmwarelatitude_7290_firmwareprecision_5770chengming_3911precision_7530vostro_7620inspiron_5391_firmwareinspiron_5502_firmwareinspiron_5320_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3490_firmwareinspiron_14_plus_7420_firmwareg15_5520inspiron_5409_firmwarexps_13_9380_firmwarelatitude_7490latitude_5288optiplex_7060_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwareg3_3779inspiron_5401optiplex_5250vostro_3582vostro_3667_firmwareprecision_7920_tower_firmwarevostro_5591_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2019-18577
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 28.97%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 20:30
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_serverXtremIO
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36325
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.95%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:15
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_15_7570_firmwarelatitude_5401g7_7590inspiron_3470latitude_e7270optiplex_7770_firmwarevostro_3669inspiron_5491_firmwareprecision_7820_firmwareinspiron_5477_firmwarelatitude_5179inspiron_15_7577latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570vostro_3888_firmwarewyse_7040latitude_e5270precision_7540alienware_15_r3_firmwareprecision_3420wyse_5070inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080latitude_5511inspiron_7580_firmwarealienware_m15_r1_firmwareprecision_7720precision_7920alienware_m17_r3_firmwarelatitude_5300vostro_5581_firmwarelatitude_3380_firmwareprecision_5530_firmwareoptiplex_5040latitude_rugged_5420vostro_15_7580inspiron_14_5468optiplex_5050alienware_aurora_r11latitude_3470latitude_7300g5_5590xps_13_9360vostro_14_3478_firmwareoptiplex_3060_firmwarelatitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2precision_5520latitude_7400latitude_5591precision_3620precision_5820inspiron_3471latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwarelatitude_5175_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_5070precision_3630_firmwareprecision_3430g5_5000inspiron_7700inspiron_13_5378_firmwarelatitude_7285_firmwarexps_13_9370_firmwarevostro_3581_firmwarelatitude_7275vostro_3581xps_15_9575latitude_9410inspiron_7777optiplex_7070latitude_3570optiplex_7080_firmwareoptiplex_5480_firmwareinspiron_15_5578_firmwarelatitude_5310latitude_rugged_7424_firmwarevostro_3268_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1inspiron_5400latitude_7480_firmwarevostro_14_5468_firmwarelatitude_e5470_firmwarechengming_3977vostro_5090latitude_3190vostro_5370alienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_rugged_7424latitude_5488g3_3590optiplex_5260latitude_7380precision_3540alienware_aurora_r11_firmwarevostro_14_5468optiplex_7780optiplex_3280xps_15_9560inspiron_3580_firmwareinspiron_3781_firmwarevostro_5370_firmwarewyse_5070_firmwarevostro_3670_firmwarelatitude_7275_firmwareinspiron_3280_firmwarelatitude_3310precision_7520vostro_15_3578_firmwarevostro_3660_firmwareinspiron_5482latitude_7290g7_7587_firmwarealienware_area_51m_r1precision_7540_firmwareoptiplex_7760latitude_7480vostro_3881wyse_5470_firmwareinspiron_7580inspiron_3668inspiron_5770alienware_m17_r2_firmwarelatitude_3580inspiron_3668_firmwarelatitude_5285optiplex_7780_firmwareinspiron_5480_firmwarelatitude_3551optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510inspiron_7370precision_3240vostro_3481_firmwarelatitude_5491optiplex_3240_firmwareoptiplex_7040inspiron_7386alienware_aurora_r12latitude_7280latitude_5400latitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwarealienware_m17_r3precision_7730inspiron_7380precision_3240_firmwarelatitude_7285latitude_5400_firmwareprecision_3420_firmwarevostro_3671_firmwareprecision_3440latitude_rugged_7220ex_firmwareprecision_7510_firmwareg5_5000_firmwareoptiplex_7460_firmwareoptiplex_5250_firmwareinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3576inspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwareinspiron_3781inspiron_3576_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareinspiron_7590_firmwarelatitude_rugged_5414_firmwareprecision_7740_firmwareinspiron_15_3567alienware_m15_r2_firmwarelatitude_7389vostro_3681inspiron_5570_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwareinspiron_3470_firmwareinspiron_5370inspiron_7467_firmwareprecision_7740inspiron_3481_firmwareprecision_5530latitude_7310_firmwareinspiron_15_5579_firmwarelatitude_9510inspiron_5770_firmwareinspiron_7586_firmwarelatitude_rugged_extreme_7214latitude_3180_firmwarevostro_3681_firmwarealienware_m17_r1_firmwarevostro_3580_firmwareinspiron_3581_firmwareinspiron_17_7773latitude_9510_firmwarelatitude_3490_firmwareprecision_5720_firmwareg7_7587vostro_3668optiplex_7770optiplex_5270latitude_7280_firmwarevostro_3670latitude_5280latitude_5179_firmwareinspiron_5490inspiron_15_5578latitude_5300_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareinspiron_3277precision_7550xps_7590_firmwareoptiplex_3080alienware_m17_r1latitude_3480latitude_rugged_5424_firmwarevostro_3671inspiron_7591latitude_7310inspiron_7790g3_3590_firmwareinspiron_7790_firmwarealienware_13_r3latitude_3379vostro_3584_firmwarechengming_3990_firmwarevostro_15_5568precision_3520_firmwarechengming_3980inspiron_7567_firmwareoptiplex_7060vostro_14_3468_firmwarelatitude_5290_firmwareinspiron_13_5379_firmwareg5_5090_firmwarelatitude_7390latitude_3390_firmwareprecision_7750_firmwarealienware_aurora_r12_firmwareprecision_3431precision_7510vostro_3480_firmwarechengming_3991_firmwarevostro_7590_firmwareprecision_3510_firmwareinspiron_7370_firmwarelatitude_7389_firmwarelatitude_e7470optiplex_5040_firmwareinspiron_3581latitude_rugged_tablet_7212_firmwareoptiplex_7480inspiron_5400_firmwareinspiron_15_5566_firmwarelatitude_5488_firmwarealienware_17_r5_firmwareoptiplex_5480precision_3541_firmwarealienware_m15_r1precision_7920_firmwareinspiron_15_7572alienware_aurora_r7_firmwareinspiron_3476_firmwareinspiron_5680vostro_3881_firmwareinspiron_7373latitude_5511_firmwareinspiron_15_7573_firmwareoptiplex_7040_firmwareprecision_3550latitude_7370latitude_7370_firmwareoptiplex_7440_firmwareoptiplex_5070_firmwarealienware_15_r4latitude_5490alienware_m17_r2inspiron_7567vostro_3070_firmwarelatitude_rugged_extreme_7414xps_7590optiplex_7071vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarevostro_3667latitude_e7470_firmwareprecision_7720_firmwareinspiron_3476inspiron_13_5378inspiron_3780inspiron_7380_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwareprecision_3520inspiron_17_7773_firmwareg7_7790latitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050optiplex_5080_firmwareinspiron_15_7570latitude_e5270_firmwareoptiplex_7480_firmwarevostro_3471latitude_rugged_5420_firmwarelatitude_rugged_extreme_7214_firmwareinspiron_3480_firmwareg5_5590_firmwarealienware_m15_r3inspiron_7700_firmwareoptiplex_5060_firmwarelatitude_3470_firmwareprecision_7530_firmwarealienware_x17_r1latitude_rugged_5424vostro_3583_firmwareinspiron_15_5566latitude_3190_firmwarealienware_aurora_ryzen_edition_firmwareg3_3779_firmwarevostro_15_3578latitude_5500inspiron_15_5582precision_7550_firmwarewyse_7040_firmwarelatitude_5285_firmwareinspiron_5477chengming_3991latitude_5288_firmwarelatitude_rugged_extreme_7414_firmwareinspiron_5480inspiron_3471_firmwarevostro_3669_firmwarelatitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590inspiron_7472_firmwareoptiplex_5260_firmwarechengming_3990vostro_3583latitude_5491_firmwarevostro_5880_firmwareprecision_3630xps_15_9560_firmwarevostro_14_3468optiplex_3060optiplex_5060chengming_3988_firmwareinspiron_5491inspiron_5482_firmwarevostro_5481inspiron_7467precision_3530_firmwareprecision_3930_firmwarelatitude_rugged_tablet_7212latitude_5580_firmwarelatitude_7200inspiron_3477_firmwarelatitude_3189vostro_3580precision_7750inspiron_7472latitude_5175inspiron_14_3467_firmwareprecision_3620_firmwareoptiplex_3280_firmwarevostro_15_3568embedded_box_pc_5000inspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9alienware_area_51m_r2_firmwareoptiplex_7440latitude_5480alienware_15_r3vostro_5471_firmwareoptiplex_7470optiplex_3046xps_15_9575_firmwarelatitude_7210_firmwareinspiron_15_5582_firmwarealienware_x15_r1_firmwarelatitude_7300_firmwarelatitude_5510wyse_5470inspiron_5481precision_3440_firmwarealienware_x17_r1_firmwarexps_8930xps_27_7760inspiron_7786_firmwareprecision_3640_firmwareinspiron_15_5579vostro_15_3568_firmwarelatitude_7410latitude_5501_firmwarexps_27_7760_firmwareprecision_3430_firmwarelatitude_5411optiplex_7450_firmwareoptiplex_7450inspiron_15_3567_firmwareg3_3579_firmwarevostro_15_5568_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_13_9360_firmwarealienware_17_r5optiplex_7760_firmwareinspiron_14_5468_firmwareinspiron_7591_firmwarelatitude_5290alienware_aurora_r7latitude_5289_firmwarechengming_3980_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwarevostro_5481_firmwarelatitude_rugged_5414vostro_3267inspiron_14_3467inspiron_3671precision_5540alienware_17_r4precision_3930inspiron_3480latitude_3490inspiron_3670latitude_3300_firmwarevostro_5471alienware_15_r4_firmwarevostro_5581latitude_7200_firmwareg7_7790_firmwarelatitude_5510_firmwareinspiron_3670_firmwarevostro_15_7570latitude_e5570_firmwareprecision_3540_firmwareinspiron_7777_firmwareoptiplex_3046_firmwarelatitude_3380latitude_7210latitude_5289precision_7820vostro_3471_firmwareoptiplex_3080_firmwareoptiplex_3240precision_5510_firmwarelatitude_rugged_7220inspiron_3881xps_13_9380alienware_area_51m_r2latitude_5490_firmwarelatitude_5591_firmwarealienware_13_r3_firmwarelatitude_5310_firmwarevostro_3070inspiron_5481_firmwareprecision_5520_firmwarechengming_3988xps_15_7590inspiron_3477latitude_3300latitude_5580precision_5540_firmwareinspiron_3277_firmwareinspiron_5401_firmwarexps_8940_firmwareinspiron_3268_firmwarevostro_3480latitude_rugged_7220_firmwareprecision_3640alienware_17_r4_firmwarelatitude_rugged_7220exg5_5587latitude_3580_firmwarevostro_3470alienware_aurora_r9_firmwareoptiplex_3070inspiron_3280optiplex_3040precision_5720latitude_7290_firmwareoptiplex_5270_firmwareprecision_7530inspiron_5370_firmwarelatitude_3551_firmwarexps_8930_firmwarechengming_3977_firmwareoptiplex_7470_firmwareoptiplex_7460g7_7590_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareinspiron_15_7573optiplex_7050precision_3431_firmwareprecision_3510vostro_14_3478xps_13_9380_firmwareinspiron_13_5379latitude_5288latitude_7490optiplex_7060_firmwareg3_3779precision_5820_firmwareinspiron_5401optiplex_5250vostro_3667_firmwarealienware_aurora_ryzen_editioninspiron_15_7577_firmwarevostro_15_7570_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21595
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.14% / 34.21%
||
7 Day CHG-0.05%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-36290
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.11% / 30.45%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-46756
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 05:37
Updated-27 Mar, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_managerVxRail HCI
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2025-30098
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.73%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:42
Updated-12 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain LTS 2023PowerProtect Data Domain Feature ReleasePowerProtect Data Domain LTS2024
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-30097
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.73%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:38
Updated-12 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain LTS 2023PowerProtect Data Domain Feature ReleasePowerProtect Data Domain LTS2024
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-30096
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.73%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:32
Updated-12 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain LTS 2023PowerProtect Data Domain Feature ReleasePowerProtect Data Domain LTS2024
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-45095
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 23.14%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 04:45
Updated-27 Mar, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-38483
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.03% / 5.20%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 09:24
Updated-18 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5480latitude_7280_firmwarelatitude_5280latitude_5420_rugged_firmwarelatitude_7212_rugged_extreme_tabletlatitude_5414_rugged_firmwarelatitude_5424_rugged_firmwarewyse_7040_thin_client_firmwarelatitude_5420_ruggedoptiplex_7450_all-in-one_firmwarelatitude_7414_rugged_firmwarelatitude_5480_firmwarelatitude_7380_firmwarelatitude_7390_2-in-1_firmwarelatitude_7480_firmwarelatitude_5400_firmwarewyse_7040_thin_clientlatitude_5288_firmwarelatitude_3390_2-in-1precision_3420latitude_5490latitude_5590latitude_7390_2-in-1precision_5530_2-in-1precision_5530_2-in-1_firmwareprecision_3420_tower_firmwarelatitude_5290_2-in-1_firmwarelatitude_5488latitude_5490_firmwareprecision_7720latitude_7380optiplex_7450_all-in-oneprecision_5520_firmwarelatitude_5280_firmwarelatitude_12_rugged_extreme_7214_firmwarelatitude_7424_rugged_extreme_firmwarelatitude_12_rugged_extreme_7214optiplex_5050optiplex_3050_firmwarelatitude_3300latitude_5580precision_7520latitude_5290_2-in-1latitude_3390_2-in-1_firmwareprecision_3620_towerlatitude_7285_2-in-1latitude_7414_ruggedprecision_7720_firmwarelatitude_7290precision_3520_firmwarelatitude_7212_rugged_extreme_tablet_firmwarelatitude_13_3380_firmwarelatitude_7490_firmwarelatitude_7480latitude_7285_2-in-1_firmwarelatitude_7390_firmwarelatitude_5290latitude_7424_rugged_extremeprecision_5520latitude_5290_firmwarelatitude_5414_ruggedlatitude_5590_firmwarelatitude_7390precision_3520latitude_7290_firmwarelatitude_5580_firmwarelatitude_5424_ruggedoptiplex_5050_firmwareprecision_7520_firmwareoptiplex_3050optiplex_3050_all-in-onelatitude_13_3380embedded_box_pc_5000_firmwareprecision_3620_firmwareembedded_box_pc_5000latitude_7490latitude_5288optiplex_3050_all-in-one_firmwarelatitude_3300_firmwarelatitude_7280latitude_5488_firmwarelatitude_5400Dell Client Platform BIOSwyse_7040_thin_client_firmwareprecision_3420_tower_firmwareprecision_3620_tower_firmwarelatitude_5290_2-in-1_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2024-25961
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.06% / 17.39%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 18:00
Updated-09 Jan, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-52537
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 2.11%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:26
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsdock_wd19_firmware_update_utilitylinux_kerneldock_wd22tb4_firmware_update_utilitydock_hd22q_firmware_update_utilityDell Client Platform BIOS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-53292
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.02% / 4.07%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:55
Updated-04 Feb, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-vxrail_hyperconverged_infrastructureDell VxRail HCI
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-48015
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.12%
||
7 Day CHG+0.01%
Published-17 Mar, 2025 | 17:16
Updated-14 Jul, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-47238
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.10%
||
7 Day CHG-0.00%
Published-12 Dec, 2024 | 17:38
Updated-04 Feb, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-edge_gateway_3000embedded_box_pc_3000_firmwareedge_gateway_3003edge_gateway_5100_firmwareedge_gateway_5100embedded_box_pc_3000edge_gateway_3002_firmwareedge_gateway_3003_firmwareedge_gateway_3002edge_gateway_3001_firmwareedge_gateway_3200_firmwareedge_gateway_3001edge_gateway_3000_firmwareedge_gateway_5000_firmwareedge_gateway_3200edge_gateway_5000Dell Client Platform BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-39580
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.36%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 08:54
Updated-16 Sep, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-insightiqPowerScale InsightIQpowerscale_insightiq
CWE ID-CWE-284
Improper Access Control
CVE-2024-39574
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.30%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:01
Updated-16 Sep, 2024 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-insightiqPowerScale InsightIQpowerscale_insightiq
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-38296
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.79%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 02:58
Updated-04 Feb, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-edge_gateway_5200intel_management_engine_firmware_update_utilityedge_gateway_3200Edge Gateway 5200edge_gateway_5200_firmware
CWE ID-CWE-1421
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution
CVE-2024-37133
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.10%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 07:18
Updated-02 Aug, 2024 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-37126
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.10%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 07:28
Updated-02 Aug, 2024 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-32854
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 28.60%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 07:08
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-4056
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.89%
||
7 Day CHG~0.00%
Published-21 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.

Action-Not Available
Vendor-n/aDell Inc.
Product-vce_vision_intelligent_operationsn/a
CVE-2024-25967
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.37%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 06:44
Updated-09 Jan, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-22429
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.34%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 15:20
Updated-30 Jan, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_3189_firmwarelatitude_5590latitude_12_rugged_extreme_7214latitude_5480latitude_5488_firmwarelatitude_3190_2-in-1latitude_5424_rugged_firmwareoptiplex_3050precision_5530_2-in-1_firmwareembedded_box_pc_3000_firmwarelatitude_5290_firmwarelatitude_13_3380latitude_5490_firmwarelatitude_3300optiplex_7450_all-in-one_firmwarelatitude_5488optiplex_7450_all-in-onelatitude_5480_firmwarelatitude_5288_firmwarelatitude_3190latitude_3189edge_gateway_3000latitude_5400wyse_7040_thin_clientlatitude_3390_2-in-1latitude_5280_firmwarewyse_5070embedded_box_pc_3000latitude_7285_2-in-1_firmwareoptiplex_3050_firmwarelatitude_7390_2-in-1_firmwareprecision_3520latitude_7290_firmwareprecision_3420_tower_firmwarelatitude_5414_rugged_firmwarelatitude_5400_firmwareoptiplex_5050_firmwarelatitude_3190_firmwareembedded_box_pc_5000precision_5820_towerprecision_3620_tower_firmwarelatitude_7424_rugged_extremelatitude_7480_firmwareprecision_7720_firmwareprecision_3620_towerprecision_7520latitude_7212_rugged_extreme_tablet_firmwarelatitude_7280latitude_7380_firmwarelatitude_5414_ruggedlatitude_7212_rugged_extreme_tabletlatitude_3180latitude_3190_2-in-1_firmwarelatitude_5424_ruggedlatitude_7280_firmwarelatitude_3300_firmwarelatitude_3180_firmwareprecision_3520_firmwarelatitude_7390_2-in-1edge_gateway_5000_firmwarelatitude_5288precision_5520edge_gateway_5000latitude_5290_2-in-1precision_5820_tower_firmwarelatitude_7285_2-in-1latitude_7390_firmwarelatitude_7490latitude_5290_2-in-1_firmwarelatitude_5290latitude_7290latitude_13_3380_firmwarelatitude_5420_ruggededge_gateway_3000_firmwarelatitude_5590_firmwareprecision_7720latitude_5490precision_7520_firmwarelatitude_5280precision_5530_2-in-1embedded_box_pc_5000_firmwarelatitude_5420_rugged_firmwarelatitude_7414_rugged_firmwareprecision_5520_firmwarewyse_5070_firmwarelatitude_3390_2-in-1_firmwarelatitude_5580latitude_7490_firmwareoptiplex_5050latitude_5580_firmwarelatitude_7390wyse_7040_thin_client_firmwarelatitude_7424_rugged_extreme_firmwareoptiplex_3050_all-in-one_firmwareoptiplex_3050_all-in-onelatitude_7380latitude_7414_ruggedprecision_3420_towerlatitude_12_rugged_extreme_7214_firmwarelatitude_7480CPG BIOSedge_gateway_3000_firmwareprecision_3620_towerlatitude_3180_firmwarelatitude_3189_firmwarelatitude_5280_firmwarelatitude_5424_firmwarelatitude_3300_firmwarelatitude_13_3380latitude_12_rugged_extreme_7214_firmwarelatitude_7212_rugged_extreme_tablet_firmwareprecision_3420_towerlatitude_3390_2-in-1wyse_5070latitude_7414_rugged_extreme_firmwarelatitude_5414_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2020-5363
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.05% / 14.47%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 20:40
Updated-16 Sep, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7300latitude_5401precision_7740_firmwareprecision_3541precision_3541_firmwarelatitude_5401_firmwareprecision_7540_firmwarelatitude_5500_firmwareprecision_3540_firmwarelatitude_5300_firmwarexps_13_9300xps_7390_2-in-1_firmwarelatitude_7300_firmwarelatitude_5500latitude_7400latitude_5400_firmwarelatitude_7200_2_in_1_firmwarelatitude_7220_firmwareprecision_7540precision_7740latitude_7220ex_rugged_extreme_tabletxps_7590_firmwarelatitude_7220ex_rugged_extreme_tablet_firmwarexps_7590latitude_7220latitude_7200_2_in_1latitude_5501latitude_5300latitude_7400_firmwareprecision_3540xps_13_9300_firmwarexps_7390_2-in-1latitude_5501_firmwarelatitude_5300_2-in-1latitude_5300_2-in-1_firmwarelatitude_5400Dell Client Consumer and Commercial platforms
CWE ID-CWE-158
Improper Neutralization of Null Byte or NUL Character
CVE-2020-29501
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 6.65%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstoreemc_powerstore_firmwarePowerStore
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-34406
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.49%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 11:00
Updated-26 Feb, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-r750xa_firmwaret430_firmwarer6515_firmwaret350_firmwarefc430_firmwarem630_firmwaret550_firmwarer430nx3330r750xac6420r6515fc430r530_firmwarer930_firmwarer450r650_firmwarer6415t130_firmwarec6520_firmwaret440xe7420m630r640_firmwarer740r550_firmwarec4130_firmwarer830r940xar7515_firmwaret340_firmwarer240_firmwarer630_firmwarenx3230fc640_firmwarem830pr250fc630_firmwarer940xa_firmwarexe2420_firmwarenx3340t640_firmwarer940_firmwarexe7440r230_firmwarem830_firmwarec4140_firmwarec6320_firmwarexr12_firmwarem640pr750fc630r730xd_firmwarer7415r550r6415_firmwarer340xe8545r650nx430_firmwarefc640r630c4130r740xd2_firmwarer7425_firmwarer240c6420_firmwaret330_firmwaremx740cr7425r330_firmwarec6525t140r750xs_firmwarer330nx430r640nx440_firmwaremx840cm630pnx3340_firmwarer750xst630m640c6320r430_firmwarer650xsr350t150_firmwarer750_firmwaret150r6525mx840c_firmwarer740_firmwarer450_firmwarenx3240_firmwarec4140t630_firmwaret340t130t430r440_firmwarer530dss8440_firmwaremx740c_firmwarer250_firmwarer940r340_firmwarer7415_firmwarer840r730nx3240m830m640p_firmwarexe8545_firmwarer440r740xd2r7525_firmwarer6525_firmwarer730xdr540r230mx750c_firmwarer840_firmwarer740xd_firmwarer7525xe2420xr11_firmwaredss8440xr11m630p_firmwarefc830r350_firmwaret550xr12nx3330_firmwaremx750cnx440t640r830_firmwarer540_firmwarem830p_firmwaret350fc830_firmwaret140_firmwarexe7440_firmwarer730_firmwarexr2m640_firmwarer740xdr7515t330c6525_firmwarexe7420_firmwarer650xs_firmwaret440_firmwarexr2_firmwarer930nx3230_firmwarec6520PowerEdge Platform
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-26182
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.52%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 18:10
Updated-16 Sep, 2024 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2025-38738
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.22%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 14:36
Updated-18 Aug, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_home_pcsSupportAssist for Home PCs
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-36613
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-2.8||LOW
EPSS-0.01% / 1.59%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 14:46
Updated-18 Aug, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist for Home PCs
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-36612
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.22%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 14:42
Updated-18 Aug, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcsSupportAssist for Business PCs
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-49561
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.97%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 17:35
Updated-08 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10SmartFabric OS10 Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-45759
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 2.09%
||
7 Day CHG-0.00%
Published-08 Nov, 2024 | 02:48
Updated-26 Nov, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DD
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-39576
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.28%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 02:54
Updated-26 Nov, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)power_manager
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2020-27122
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 13.66%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:15
Updated-13 Nov, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-20855
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.9||HIGH
EPSS-0.07% / 23.06%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:46
Updated-01 Nov, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_9120_apcatalyst_9800-lcatalyst_9105catalyst_9124catalyst_9800-40catalyst_9800catalyst_9120catalyst_9105axwcatalyst_9120axecatalyst_9124axdcatalyst_9105axicatalyst_9120axicatalyst_9130axeios_xecatalyst_9130_apcatalyst_9115axecatalyst_9800-l-ccatalyst_9800-clcatalyst_9117_apcatalyst_9800-80catalyst_9800-l-fcatalyst_9117catalyst_9120axpcatalyst_9115catalyst_9124axicatalyst_9115axicatalyst_9130catalyst_9115_apcatalyst_9130axicatalyst_9117axiCisco IOS XE Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-40124
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.90%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:36
Updated-07 Nov, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-anyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-33503
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.11%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:09
Updated-31 Jan, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortianalyzer_cloudfortimanager_cloudfortimanagerFortiManager
CWE ID-CWE-266
Incorrect Privilege Assignment
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found