Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-24502

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-03 Mar, 2026 | 20:43
Updated At-03 Mar, 2026 | 21:01
Rejected At-
Credits

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:03 Mar, 2026 | 20:43
Updated At:03 Mar, 2026 | 21:01
Rejected At:
â–¼CVE Numbering Authority (CNA)

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Affected Products
Vendor
Dell Inc.Dell
Product
Dell Command | Intel vPro Out of Band
Default Status
unaffected
Versions
Affected
  • From N/A before 4.7.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427: Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427: Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Dell would like to thank Sandro Poppi for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000429179/dsa-2026-106
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000429179/dsa-2026-106
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:03 Mar, 2026 | 21:15
Updated At:03 Mar, 2026 | 21:52

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-427Primarysecurity_alert@emc.com
CWE ID: CWE-427
Type: Primary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000429179/dsa-2026-106security_alert@emc.com
N/A
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000429179/dsa-2026-106
Source: security_alert@emc.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

59Records found
CVE-2021-36276
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.03% / 8.32%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Action-Not Available
Vendor-Dell Inc.
Product-dbutildrv2.sys_firmwaredbutil
CWE ID-CWE-285
Improper Authorization
CVE-2023-32460
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.53%
||
7 Day CHG-0.01%
Published-08 Dec, 2023 | 05:37
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r7515poweredge_fc430poweredge_t140_firmwarepoweredge_t560_firmwarepoweredge_xr12poweredge_r7515_firmwarepoweredge_fc630poweredge_r760xa_firmwarepoweredge_xe7420poweredge_mx750c_firmwarepoweredge_r530poweredge_m640_\(pe_vrtx\)poweredge_m830_\(pe_vrtx\)emc_xc_core_xc650_firmwarenx3330emc_nx440_firmwarepoweredge_t630_firmwareemc_xc_core_xc940poweredge_r330dss_8440poweredge_xe7440_firmwarepoweredge_t130poweredge_xe9680poweredge_r430poweredge_r840_firmwarepoweredge_t150_firmwarepoweredge_r830poweredge_m630_\(pe_vrtx\)xc730_hyperconverged_appliancepoweredge_c6320poweredge_r350_firmwarepoweredge_r750_firmwarepoweredge_xr8610tpoweredge_r440poweredge_xr4510cpoweredge_c6615poweredge_m830poweredge_r340poweredge_fc640_firmwarepoweredge_c6320_firmwarepoweredge_r750xspoweredge_t640_firmwarepoweredge_r830_firmwarepoweredge_r740xd2poweredge_t550_firmwarepoweredge_xr7620_firmwarepoweredge_r240_firmwarepoweredge_fc830_firmwarenx3230poweredge_r730xdpoweredge_r230poweredge_t350poweredge_fc630_firmwareemc_xc_core_xc740xd2poweredge_r740poweredge_xr2xc_core_xc660_firmwarexc730xd_hyperconverged_appliancepoweredge_r230_firmwarepoweredge_r440_firmwarepoweredge_t150poweredge_r630_firmwarepoweredge_xe9680_firmwarepoweredge_r650xspoweredge_fc830xc430_hyperconverged_applianceemc_xc_core_xc740xd2_firmwarexc_core_xc760poweredge_r730xd_firmwarepoweredge_c6620_firmwareemc_storage_nx3240poweredge_mx840cemc_xc_core_xc740xd_firmwarepoweredge_mx740cpoweredge_r730poweredge_r7525poweredge_t130_firmwaredss_8440_firmwarepoweredge_r6615_firmwareemc_xc_core_xc750xa_firmwareemc_xc_core_xc640_firmwarepoweredge_fc430_firmwareemc_storage_nx3240_firmwarepoweredge_r540_firmwarepoweredge_r740xdpoweredge_r740_firmwarepoweredge_r6415nx430_firmwareemc_xc_core_xc750poweredge_r760xs_firmwarepoweredge_r740xd2_firmwarepoweredge_r940xaemc_xc_core_xc750xapoweredge_t330_firmwarepoweredge_r7625poweredge_r450_firmwarepoweredge_r640poweredge_r7425poweredge_r7615poweredge_r760xd2poweredge_r750xs_firmwarepoweredge_t440_firmwarepoweredge_r930_firmwarenx430poweredge_hs5620_firmwareemc_xc_core_xc6520poweredge_m830_firmwarepoweredge_r7615_firmwarepoweredge_r250poweredge_r6515_firmwarepoweredge_r240poweredge_hs5610_firmwarepoweredge_r430_firmwareemc_xc_core_xc6520_firmwarepoweredge_xr4510c_firmwarepoweredge_r730_firmwarepoweredge_xr8620t_firmwareemc_xc_core_6420_firmwareemc_xc_core_xc450_firmwarexc630_hyperconverged_appliancepoweredge_m640xc730xd_hyperconverged_appliance_firmwarepoweredge_xr8620tpoweredge_t630poweredge_r750poweredge_r650_firmwarepoweredge_m640_\(pe_vrtx\)_firmwarepoweredge_r930xc_core_xc760_firmwarexc6320_hyperconverged_appliance_firmwarepoweredge_xe8640poweredge_t640poweredge_c6520_firmwareemc_xc_core_xc940_firmwareemc_storage_nx3340_firmwarepoweredge_r550_firmwareemc_xc_core_xc750_firmwarexc6320_hyperconverged_appliancepoweredge_r760xd2_firmwarepoweredge_c4140_firmwarexc_core_xc660poweredge_r250_firmwarepoweredge_r760_firmwarepoweredge_r550poweredge_mx840c_firmwarepoweredge_r660_firmwarepoweredge_c6525_firmwarepoweredge_c6525emc_xc_core_xc650emc_xc_core_xc740xdpoweredge_r6625_firmwarepoweredge_r6415_firmwarepoweredge_m830_\(pe_vrtx\)_firmwarepoweredge_r330_firmwarepoweredge_m630xc730_hyperconverged_appliance_firmwarepoweredge_c6615_firmwareemc_xc_core_xc640poweredge_t430_firmwareemc_xc_core_6420poweredge_xe7420_firmwarepoweredge_c6420_firmwarepoweredge_r7415_firmwarepoweredge_fc640poweredge_xe2420_firmwarepoweredge_r7415poweredge_r660poweredge_c4140poweredge_r940_firmwareemc_xc_core_xcxr2_firmwarepoweredge_xr11_firmwarexc430_hyperconverged_appliance_firmwarepoweredge_r860poweredge_r650poweredge_r650xs_firmwarepoweredge_r740xd_firmwarepoweredge_xr11poweredge_t140poweredge_xr12_firmwarepoweredge_xr8610t_firmwarepoweredge_c6620poweredge_xr4520cpoweredge_r7625_firmwarepoweredge_r760xapoweredge_xe9640_firmwareemc_xc_core_xc7525_firmwarepoweredge_t560emc_xc_core_xcxr2poweredge_mx740c_firmwarepoweredge_xr7620poweredge_xr5610_firmwarepoweredge_r640_firmwarepoweredge_t440nx3330_firmwarepoweredge_xr4520c_firmwarepoweredge_r940xa_firmwarepoweredge_r630poweredge_c4130_firmwarepoweredge_r7525_firmwarepoweredge_t330nx440poweredge_mx760c_firmwarepoweredge_r660xspoweredge_r6525poweredge_xe8545_firmwarepoweredge_c4130poweredge_r6615poweredge_mx760cpoweredge_xe9640poweredge_xe8545emc_xc_core_xc7525poweredge_r940poweredge_r750xapoweredge_r540poweredge_t550poweredge_m640_firmwarepoweredge_r660xs_firmwarepoweredge_hs5620poweredge_t340_firmwarepoweredge_r340_firmwarepoweredge_t430poweredge_xr2_firmwarepoweredge_r6515poweredge_xe2420poweredge_r760poweredge_r530_firmwareemc_xc_core_xc450poweredge_r6525_firmwarepoweredge_mx750cpoweredge_c6420poweredge_xe7440poweredge_r960poweredge_m630_firmwarepoweredge_r350emc_storage_nx3340poweredge_xe8640_firmwarepoweredge_r750xa_firmwarepoweredge_r840poweredge_r960_firmwarepoweredge_r760xspoweredge_c6520poweredge_m630_\(pe_vrtx\)_firmwarepoweredge_t340poweredge_xr5610poweredge_r450poweredge_hs5610poweredge_t350_firmwarexc630_hyperconverged_appliance_firmwarepoweredge_r860_firmwarepoweredge_r6625nx3230_firmwarepoweredge_r7425_firmwarePowerEdge Platform
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-21552
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.2||MEDIUM
EPSS-0.16% / 37.21%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 20:05
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-wyse_5070_thin_clientwyse_5470_all-in-one_thin_clientwyse_5470_thin_clientwindows_10Wyse Windows Embedded (WES)
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-21601
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.25%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 19:05
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_data_protection_searchData Protection Search
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-21553
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 9.47%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 23:45
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-286
Incorrect User Management
CVE-2021-21551
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-59.92% / 98.24%
||
7 Day CHG~0.00%
Published-04 May, 2021 | 15:15
Updated-28 Oct, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-21||Apply updates per vendor instructions.

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Action-Not Available
Vendor-Dell Inc.
Product-xps_13_9370latitude_7210_2_in_1wyse_5470inspiron_7391_2-in-1precision_7540latitude_5280_mobile_thin_clientoptiplex_7460_all-in-onevostro_5300inspiron_3493inspiron_7386latitude_5310latitude_3301precision_3541vostro_14_5468xps_9530precision_3530inspiron_5348optiplex_5260_all-in-oneinspiron_3847inspiron_7786vostro_3480inspiron_3647inspiron_5770inspiron_5480latitude_e7270_mobile_thin_clientwyse_5070vostro_3501inspiron_14-5459inspiron_5300optiplex_7450_all-in-onelatitude_12_rugged_tablet_7212vostro_5880inspiron_3442optiplex_3080precision_t1700latitude_rugged_5424vostro_5391latitude_e6430_atglatitude_3300optiplex_3090_ultralatitude_5401latitude_7400_2in1vostro_3580chengming_3991latitude_5420inspiron_14-3452latitude_5500precision_t3610latitude_5410inspiron_one_2020vostro_1450latitude_5300inspiron_3168vostro_14_5471inspiron_660vostro_3591latitude_5280optiplex_390precision_7530inspiron_17_5767optiplex_5050inspiron_3580inspiron_7586latitude_5590latitude_3550latitude_3390optiplex_5040precision_3930_rackg7_7500cheng_ming_3967inspiron_7490latitude_7285latitude_e7270latitude_e7450optiplex_5480_aioprecision_5820_towerinspiron_17-5759precision_7740latitude_e6440inspiron_1545latitude_7389vostro_3900inspiron_3671latitude_3560inspiron_5402latitude_e7440alienware_m17xr4vostro_3491vostro_5502latitude_3490inspiron_5494vostro_3668latitude_5288inspiron_5323inspiron_3881inspiron_3490optiplex_3050_aioinspiron_15zprecision_m6600canvas_27vostro_7500latitude_e6330chengming_3988g7_7590inspiron_5521latitude_14_rugged_5414optiplex_5250_all-in-oneoptiplex_7480_aiovostro_5490vostro_5090latitude_3480inspiron_5485_2-in-1vostro_20_3055inspiron_7737latitude_7420vostro_3471precision_7920_towerinspiron_5408latitude_3570xps_8940inspiron_3581precision_5540latitude_e5570vostro_3660xps_15_9500latitude_12_rugged_extreme_7214vostro_5491latitude_5520vostro_3890precision_m4700xps_13_9300inspiron_3043xps_9550vostro_5410g5_5500inspiron_15_5566inspiron_14_7460inspiron_7300gaming_g3_3590latitude_3120inspiron_5400_2-in-1precision_t7500alienware_asm100precision_7710vostro_3401inspiron_7520alienware_17_51m_r2inspiron_3481vostro_3681precision_3620_towerinspiron_1210thunderbolt_dock_tb18dclatitude_xt3latitude_5550precision_7550alienware_m14xr2inspiron_2330latitude_14_rugged_extreme_7404thunderbolt_dock_tb16latitude_5289inspiron_5576xps_15_9575_2-in-1vostro_5480inspiron_3157inspiron_3471g5_5000inspiron_5590latitude_3189inspiron_11-3162alienware_m15_r4inspiron_3268inspiron_15_5567inspiron_5443latitude_14_rugged_extreme_7414xps_13_9310xps_13_9365_2-in-1g5_5090latitude_e5540optiplex_5060inspiron_3880optiplex_xe2inspiron_7501latitude_5290latitude_3400precision_3430_xlinspiron_7591_2-in-1precision_m4600xps_one_2710inspiron_5520inspiron_3593optiplex_3070latitude_e5440vostro_3500optiplex_3240_all-in-onelatitude_5175vostro_3470vostro_5481inspiron_3543latitude_e6320xps_13_9343inspiron_7472precision_17_m5750inspiron_14_gaming_7466latitude_3190_2-in-1latitude_e7250vostro_3888inspiron_15_7572inspiron_7500_2-in-1_blackvostro_230inspiron_7359inspiron_3668precision_t5610vostro_5501latitude_e5430precision_3550wyse_7040_thin_clientlatitude_7290optiplex_7071vostro_3400chengming_3977inspiron_5570optiplex_9010vostro_3901inspiron_3790inspiron_7368vostro_5581inspiron_13_5370latitude_3480_mobile_thin_clientlatitude_7390inspiron_7537optiplex_9030_aioinspiron_5491_2-in-1inspiron_7300_2-in-1vostro_3252vostro_5390latitude_rugged_extreme_7424g15_5510inspiron_1564optiplex_5055_a-serialprecision_3431_towerprecision_t7810vostro_3010vostro_3267latitude_e5420inspiron_5676inspiron_7558latitude_rugged_extreme_tablet_7220latitude_3190xps_17_9700inspiron_5584optiplex_7760_aiolatitude_e6540inspiron_7500optiplex_3046xps_7590dock_wd19precision_3520optiplex_7040precision_5510inspiron_7706_2-in-1latitude_5300_2-in-1precision_3440vostro_3583inspiron_5598precision_t5600optiplex_xe3inspiron_7791optiplex_fx130precision_t5500xps_13_9360inspiron_5548latitude_5285inspiron_5749vostro_13_5370precision_t3600latitude_5511vostro_15_3561g3_3500precision_3630_towervostro_5401alienware_14latitude_5285_2-in-1latitude_5480precision_3640vostro_2521inspiron_660slatitude_7310inspiron_5498latitude_5400inspiron_7580g5_5587inspiron_one_19precision_5530latitude_7490optiplex_7770_aioinspiron_5481_2-in-1inspiron_5482latitude_3410optiplex_9020xps_9350vostro_3800inspiron_5591_2-in-1latitude_e5270g3_3579latitude_e6230inspiron_3781inspiron_20-3052precision_7820_towervostro_15_7570vostro_20_3052inspiron_5583optiplex_7050precision_t7610latitude_3460_wyse_tclatitude_5250inspiron_7548vostro_3581latitude_9510latitude_rugged_5420optiplex_7090_ultralatitude_3590inspiron_3252precision_r5500inspiron_7591precision_3420_towerg7_7790embedded_box_pc_5000vostro_5591vostro_5590optiplex_5055_ryzen_cpuinspiron_15_gaming_7577inspiron_7790vostro_3481inspiron_24-3452precision_7720inspiron_24-3455inspiron_3646inspiron_3670inspiron_15_gaming_7567optiplex_7070_ultraprecision_7510inspiron_3780xps_15_9570vostro_3690inspiron_14_5468optiplex_5055_ryzen_apulatitude_e7470latitude_3150alienware_m18xr2precision_3240_cffinspiron_3584optiplex_7080vostro_270precision_t5810xps_15_9560optiplex_5055vostro_3584inspiron_1122inspiron_7306_2-in-1dock_wd15inspiron_7391optiplex_7020inspiron_5490_aiovostro_3905inspiron_5409inspiron_15-5559optiplex_5080inspiron_5401precision_5520precision_m6700inspiron_3520latitude_5490precision_3510precision_5530_2-in-1xps_8900xps_13_9310_2-in-1precision_t7910latitude_3500vostro_3490precision_7520optiplex_3020precision_3560inspiron_5423optiplex_3030_aiovostro_1550vostro_3671xps_12_9250inspiron_7590_2-in-1inspiron_7746latitude_12_7285inspiron_5448vostro_15_5568latitude_e5470optiplex_790precision_3540latitude_7275optiplex_7010latitude_3580precision_t3500inspiron_15_gaming_7566optiplex_990precision_3430_towerchengming_3980latitude_rugged_7424vostro_220slatitude_3470vostro_5301latitude_5310_2-in-1vostro_3070inspiron_5501latitude_5200xps_13_7390_2-in-1xps_27_7760latitude_3310_2-in-1inspiron_5491_aiolatitude_7480inspiron_5400_aioinspiron_5493inspiron_7437optiplex_fx170alienware_asm100r2latitude_7410xps_13_9380inspiron_15-3552inspiron_3443inspiron_5509latitude_5320precision_5820_xl_toweroptiplex_3040inspiron_3470latitude_7520inspiron_5406_2-in-1optiplexlatitude_3380g7_7700inspiron_3793inspiron_5301inspiron_3891vostro_3902inspiron_15-5565vostro_3900ginspiron_3437inspiron_5490inspiron_3583latitude_9410latitude_3340optiplex_7070inspiron_3542inspiron_620inspiron_5391latitude_e6220chengming_3990vostro_15_7580latitude_3350precision_5550inspiron_3421vostro_3560inspiron_7380latitude_5290_2-in-1latitude_7400precision_7730vostro_5890g3_3779latitude_7350inspiron_3048inspiron_3655inspiron_3501inspiron_5537latitude_3180latitude_7200_2-in-1vostro_3669vostro_3670vostro_3881inspiron_3480latitude_e5530wyse_5470_all-in-oneinspiron_5577precision_7820_xl_towerinspiron_580soptiplex_7060latitude_3450alienware_area_51latitude_5495latitude_5488inspiron_15_7560inspiron_3521optiplex_7440_aioinspiron_5390inspiron_3537inspiron_5594vostro_14-5459inspiron_7506_2-in-1latitude_3160inspiron_3656optiplex_3050latitude_5501inspiron_5508latitude_5580vostro_260xps_13_9305inspiron_7590xps_13_7390optiplex_3280_aioinspiron_24-5475latitude_7370precision_7920_xl_toweroptiplex_5070optiplex_5270_aiolatitude_5450latitude_5179optiplex_3011_aiolatitude_5510inspiron_7559latitude_7390_2-in-1optiplex_3010precision_7750vostro_7590precision_5720_aiovostro_14_3458inspiron_14_gaming_7467latitude_7280latitude_e6530vostro_3667optiplex_3060inspiron_7720latitude_3510vostro_270sinspiron_3147g5_5590latitude_3460inspiron_3590g7_7588latitude_3310latitude_rugged_extreme_tablet_7220exlatitude_7380vostro_14-3446vostro_3590inspiron_5737inspiron_5580inspiron_5593latitude_5411precision_3930_xl_racklatitude_3330latitude_e7240latitude_3440optiplex_780inspiron_5543chengming_3967inspiron_7700optiplex_7780_aiovostro_3268inspiron_7500_2-in-1_silverinspiron_7390latitude_5491inspiron_15_5582_2-in-1vostro_470vostro_5402inspiron_7400latitude_7300latitude_5591precision_3551xps_8700latitude_7320precision_t7600latitude_e7270_wyse_tcdbutilinspiron_5502latitude_e6430dbutildbutil Driver
CWE ID-CWE-782
Exposed IOCTL with Insufficient Access Control
CVE-2020-5315
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.59%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 21:30
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_repository_managerDell EMC Repository Manager (DRM)
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-0162
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.70%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 16:18
Updated-04 Feb, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_c6520_firmwarepoweredge_r660xs_firmwarepoweredge_xr11_firmwarepoweredge_r6615_firmwarepoweredge_t560_firmwarepoweredge_r760xd2_firmwarepoweredge_r6525_firmwarepoweredge_r960poweredge_hs5610emc_xc_core_xc7525xc_core_xc7625poweredge_mx750cpoweredge_xr11poweredge_c6520emc_xc_core_xc750_firmwarepoweredge_r350poweredge_r7515_firmwarepoweredge_xe9680poweredge_xe8640_firmwarepoweredge_xr8610t_firmwarepoweredge_t550poweredge_c6525poweredge_xe8545_firmwarepoweredge_r860poweredge_xr5610_firmwareemc_xc_core_xc750xa_firmwarepoweredge_r6515_firmwarepoweredge_r760xapoweredge_r860_firmwarepoweredge_r6625_firmwarepoweredge_t150_firmwarepoweredge_r250emc_xc_core_xc7525_firmwareemc_xc_core_xc750emc_xc_core_xc750xapoweredge_r760poweredge_xr12poweredge_r7615_firmwarepoweredge_xr8620temc_xc_core_xc450_firmwarepoweredge_xr8620t_firmwarepoweredge_r760xs_firmwarepoweredge_xr12_firmwarepoweredge_r6515emc_xc_core_xc650_firmwarepoweredge_t150poweredge_t560poweredge_xe8545poweredge_r650_firmwarepoweredge_xe9680_firmwarepoweredge_r760xd2poweredge_r760xspoweredge_xr8610tpoweredge_r350_firmwareemc_xc_core_xc650poweredge_r7625_firmwarexc_core_xc760poweredge_r7515emc_xc_core_xc450poweredge_r660xspoweredge_r550_firmwarepoweredge_c6620_firmwarepoweredge_xr7620_firmwarexc_core_xc660poweredge_c6525_firmwarexc_core_xc760_firmwarepoweredge_xe8640poweredge_r960_firmwarepoweredge_xe9640poweredge_r650xspoweredge_r6525emc_xc_core_xc6520_firmwarepoweredge_r750xapoweredge_t350poweredge_mx750c_firmwarepoweredge_r760_firmwarepoweredge_r250_firmwarepoweredge_c6620poweredge_r7525_firmwarepoweredge_xr4510c_firmwareemc_xc_core_xc6520poweredge_r750xa_firmwarepoweredge_r660poweredge_r450_firmwarepoweredge_xr7620poweredge_r7615poweredge_xe9640_firmwarepoweredge_r750xspoweredge_r650poweredge_xr4510cpoweredge_r7525poweredge_r760xa_firmwarepoweredge_r750xs_firmwarepoweredge_r660_firmwarepoweredge_t350_firmwarepoweredge_hs5610_firmwarepoweredge_r750poweredge_r650xs_firmwarepoweredge_xr4520c_firmwarepoweredge_r7625poweredge_c6615poweredge_r750_firmwarepoweredge_hs5620_firmwarexc_core_xc7625_firmwarepoweredge_mx760cpoweredge_mx760c_firmwarepoweredge_xr5610poweredge_r6625poweredge_r450xc_core_xc660_firmwarepoweredge_r6615poweredge_r550poweredge_t550_firmwarepoweredge_hs5620poweredge_xr4520cpoweredge_c6615_firmwarePowerEdge BIOS Intel 16G
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-43888
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.02% / 4.97%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 15:42
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-36553
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.02% / 5.28%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 22:26
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell ControlVault3 CvManager buffer overflow vulnerability

A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability.

Action-Not Available
Vendor-Broadcom Inc.Dell Inc.
Product-ControlVault3ControlVault3 PlusBCM5820X
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-32089
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.02% / 4.25%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 22:34
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell ControlVault3 CvManager_SBI buffer overflow vulnerability

A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this vulnerability.

Action-Not Available
Vendor-Broadcom Inc.Dell Inc.
Product-ControlVault3ControlVault3 PlusBCM5820X
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-25215
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.09%
||
7 Day CHG+0.01%
Published-13 Jun, 2025 | 21:26
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability

An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability.

Action-Not Available
Vendor-Dell Inc.Broadcom Inc.
Product-BCM5820XControlVault3ControlVault3 Plus
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2025-26332
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.02% / 3.68%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 17:55
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_serverxtremio_x2techadvisorTechAdvisor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-24922
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.03% / 8.73%
||
7 Day CHG+0.01%
Published-13 Jun, 2025 | 20:51
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell ControlVault3/ControlVault3 Plus securebio_identify stack-based buffer overflow vulnerability

A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to a arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.

Action-Not Available
Vendor-Broadcom Inc.Dell Inc.
Product-ControlVault3ControlVault3 PlusBCM5820X
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-25050
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.03% / 8.30%
||
7 Day CHG+0.01%
Published-13 Jun, 2025 | 21:03
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability

An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to trigger this vulnerability.

Action-Not Available
Vendor-Broadcom Inc.Dell Inc.
Product-ControlVault3ControlVault3 PlusBCM5820X
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34403
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.14%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 05:19
Updated-26 Mar, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_15_3511inspiron_5310vostro_5510_firmwarexps_15_9510_firmwarelatitude_3520vostro_3525_firmwareprecision_3561_firmwarexps_17_9710_firmwareinspiron_3275inspiron_7610precision_3650_towerlatitude_rugged_7330precision_7560latitude_5421vostro_5890latitude_9420_firmwareinspiron_3891_firmwareinspiron_3785_firmwareinspiron_3525_firmwarelatitude_7420_firmwareinspiron_7610_firmwareinspiron_15_3511_firmwareoptiplex_5090_firmwareinspiron_3515_firmwarelatitude_9420g15_5525_firmwareinspiron_3475inspiron_5505inspiron_3505g15_5525optiplex_7090_ultrainspiron_3595inspiron_5485_2-in-1latitude_5320inspiron_3891vostro_5310inspiron_5510_firmwarealienware_m17_r5_amdinspiron_7405_2-in-1inspiron_3275_firmwarevostro_3690precision_7760inspiron_5425g15_5511_firmwarelatitude_7320alienware_m15_r7inspiron_5485vostro_5515_firmwarevostro_5625latitude_7320_detachablelatitude_9520vostro_3425vostro_3515_firmwareoptiplex_7090_tower_firmwareinspiron_5515inspiron_5415_firmwarelatitude_3420inspiron_14_5410_2-in-1_firmwareinspiron_3505_firmwareinspiron_5585optiplex_7090_aiolatitude_7420latitude_rugged_7330_firmwareinspiron_3785vostro_3890optiplex_7090_aio_firmwareprecision_3560_firmwareinspiron_7415inspiron_3525vostro_3515inspiron_5310_firmwareinspiron_5505_firmwarelatitude_7520_firmwareinspiron_14_5410_2-in-1inspiron_7425latitude_3420_firmwarelatitude_5420precision_5760_firmwareinspiron_5485_firmwareg5_se_5505_firmwareprecision_7560_firmwarevostro_5890_firmwareprecision_7760_firmwareinspiron_7425_firmwarevostro_3525vostro_5510inspiron_5515_firmwarelatitude_rugged_5430_firmwareinspiron_5410latitude_7320_detachable_firmwareinspiron_3585vostro_3510_firmwareg5_se_5505inspiron_5410_firmwarevostro_5410_firmwarevostro_5415inspiron_7415_firmwareoptiplex_7090_ultra_firmwareinspiron_5415precision_3450inspiron_5510precision_5560alienware_m17_r5_amd_firmwarelatitude_5320_firmwareg15_5510_firmwarevostro_7510_firmwarelatitude_5521vostro_5515g15_5515vostro_7510inspiron_7510_firmwarelatitude_rugged_5430latitude_7520alienware_m15_r6vostro_3890_firmwareprecision_3450_firmwarelatitude_5421_firmwareg15_5511vostro_3405optiplex_7090_towerprecision_5760g15_5515_firmwareinspiron_3195_2-in-1_firmwarealienware_m15_ryzen_edition_r5latitude_7320_firmwareoptiplex_5490_all-in-onexps_17_9710precision_3560vostro_5410inspiron_5405_firmwareinspiron_5425_firmwareinspiron_7405_2-in-1_firmwarevostro_5310_firmwareinspiron_3515latitude_5420_firmwareprecision_3561latitude_5520inspiron_7510latitude_3320vostro_3405_firmwarevostro_5625_firmwareinspiron_3195_2-in-1xps_15_9510alienware_m15_ryzen_edition_r5_firmwarelatitude_3520_firmwarevostro_3425_firmwareinspiron_5485_2-in-1_firmwarealienware_m15_r7_firmwarealienware_m15_r6_firmwareinspiron_3595_firmwarelatitude_3320_firmwareprecision_3650_tower_firmwarelatitude_5521_firmwarelatitude_9520_firmwareinspiron_3585_firmwareoptiplex_5490_all-in-one_firmwareprecision_5560_firmwareinspiron_5585_firmwarevostro_3510vostro_3690_firmwarevostro_5415_firmwareg15_5510inspiron_5405inspiron_3475_firmwarelatitude_5520_firmwareoptiplex_5090CPG BIOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39576
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.77%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 02:54
Updated-26 Nov, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-power_managerDell Power Manager (DPM)power_manager
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2022-32492
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.17%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-16 May, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-precision_7820_towerbiosprecision_5820_towerprecision_7920_towerCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-28976
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.06% / 18.48%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 08:01
Updated-21 Jan, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerDell Repository Manager (DRM) repository_manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-32486
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.17%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-16 May, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-precision_7820_towerbiosprecision_5820_towerprecision_7920_towerCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2019-3763
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.04%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 19:17
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

Action-Not Available
Vendor-Dell Inc.
Product-rsa_identity_governance_and_lifecyclersa_via_lifecycle_and_governanceRSA Via Lifecycle and GovernanceRSA Identity Governance and Lifecycle
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-30105
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.02% / 3.68%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 17:50
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_serverxtremio_x2techadvisorXtremIO
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-33921
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.06% / 19.57%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-15 May, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.

Action-Not Available
Vendor-Dell Inc.
Product-geodriveGeoDrive
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-3750
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.6||MEDIUM
EPSS-0.05% / 14.95%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 20:20
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.

Action-Not Available
Vendor-Dell Inc.
Product-command_updateDell Command Update (DCU)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-3726
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.01%
||
7 Day CHG~0.00%
Published-24 Sep, 2019 | 15:31
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers.

Action-Not Available
Vendor-Dell Inc.
Product-update_package_frameworkemc_serversclient_platformsDell Client Platforms: Dell Update Packages (DUP) Framework fileDell EMC Servers: Networking and Fibre Channel Drivers: Dell Update Package (DUP) Framework fileDell EMC Servers: all other Drivers, BIOS and Firmware: Dell Update Package (DUP) Framework file
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-39254
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.29%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 12:43
Updated-31 Jan, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.

Action-Not Available
Vendor-Dell Inc.
Product-update_package_frameworkDUP Frameworkupdate_package_framework
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-3749
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.6||MEDIUM
EPSS-0.05% / 14.95%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 20:20
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.

Action-Not Available
Vendor-Dell Inc.
Product-command_updateDell Command Update (DCU)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-3745
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.12%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 18:21
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption EnterpriseDell Endpoint Security Suite Enterprise
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-21518
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 20:10
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcssupportassist_client_promanageDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21545
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 19:50
Updated-16 Sep, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-28080
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.85%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:24
Updated-10 Jan, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-18575
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.83%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 20:40
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-5324
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.83%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 14:50
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareprecision_3541inspiron_5583precision_7730_firmwareprecision_3541_firmwarelatitude_5401_firmwareprecision_7730inspiron_7380inspiron_5491_firmwarelatitude_5424_rugged_firmwarexps_15_9575_firmwareinspiron_14_5490inspiron_5590_firmwarevostro_3490_firmwareg7_17_7790_firmwareg7_17_7790latitude_7300_firmwareinspiron_5493inspiron_7490latitude_5400_firmwareprecision_7540wyse_5470inspiron_5390_firmwareg7_15_7590inspiron_3593_firmwareinspiron_5591inspiron_7391latitude_5490latitude_5590inspiron_5481inspiron_5494_firmwareinspiron_7390_firmwareinspiron_7580_firmwareinspiron_7786_firmwareinspiron_3583vostro_5581_firmwarevostro_3481latitude_5300inspiron_7786vostro_7590precision_5530_firmwareinspiron_5591_firmwareinspiron_3590_firmwareinspiron_3781g5_5587_firmwarelatitude_5501_firmwarevostro_15_7580_firmwarelatitude_7424_rugged_extreme_firmwarevostro_15_7580g7_7588_firmwareinspiron_7590_firmwareinspiron_7791_firmwarelatitude_7300precision_7740_firmwareg3_3579_firmwarevostro_3590_firmwareinspiron_5498inspiron_3780inspiron_7380_firmwarelatitude_3590_firmwarelatitude_7490_firmwareinspiron_7591_firmwarelatitude_7390_firmwarelatitude_5290latitude_5500_firmwareinspiron_3481inspiron_3780_firmwareinspiron_7490_firmwareg7_7588latitude_3400_firmwareprecision_3530latitude_5590_firmwarelatitude_5591inspiron_5590latitude_7400vostro_5481_firmwarevostro_5490inspiron_3593inspiron_5584xps_15_9570precision_7740g3_15_3590_firmwareinspiron_3481_firmwarelatitude_3390precision_5530g5_5090inspiron_5582inspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_3790_firmwareinspiron_3584_firmwareinspiron_5493_firmwareinspiron_7586inspiron_3480inspiron_3583_firmwareinspiron_7586_firmwarelatitude_3400inspiron_3480_firmwarelatitude_3490inspiron_3793_firmwareinspiron_7390vostro_3580_firmwareinspiron_3581_firmwarelatitude_3300_firmwarevostro_3590vostro_5390xps_15_9570_firmwarelatitude_3490_firmwarevostro_5590_firmwarevostro_3581_firmwarevostro_5581inspiron_3490latitude_7200_firmwareprecision_7530_firmwarevostro_3581xps_15_9575inspiron_3790vostro_3583_firmwarelatitude_5420_rugged_firmwarevostro_5391inspiron_5494latitude_7220_rugged_extreme_tablet_firmwarelatitude_3301g3_3779_firmwarelatitude_5300_firmwareinspiron_5594latitude_5420_ruggedprecision_3540_firmwareinspiron_5580latitude_7220_rugged_extreme_tabletinspiron_5582_firmwarelatitude_5500latitude_3500_firmwarevostro_3490g5_15_5590g5_15_5590_firmwareinspiron_5391wyse_5070_thin_clientinspiron_5598xps_13_9380inspiron_5480latitude_7220ex_rugged_extreme_tabletlatitude_7220ex_rugged_extreme_tablet_firmwareg7_15_7590_firmwareinspiron_5580_firmwarelatitude_5490_firmwarelatitude_5591_firmwarelatitude_3500inspiron_7791inspiron_3793latitude_5501latitude_7400_firmwareprecision_3540latitude_3590inspiron_3580_firmwareinspiron_3781_firmwareinspiron_5481_firmwarelatitude_3311_firmwareinspiron_7591xps_15_7590latitude_3300inspiron_5584_firmwareprecision_5540_firmwarevostro_5590vostro_3583vostro_3584_firmwarelatitude_5491_firmwareinspiron_5482vostro_3480latitude_7290inspiron_3493inspiron_5594_firmwareinspiron_14_5490_firmwareprecision_7540_firmwareinspiron_7391_firmwareinspiron_5593_firmwarewyse_5470_firmwareinspiron_5593inspiron_5491latitude_5290_firmwarelatitude_7424_rugged_extremeg5_5587inspiron_7580inspiron_5598_firmwareinspiron_3584inspiron_5482_firmwarevostro_5390_firmwareg5_5090_firmwarevostro_5481inspiron_3493_firmwarelatitude_7390precision_3530_firmwarelatitude_3311latitude_7290_firmwareprecision_7530inspiron_5583_firmwareg3_15_3590latitude_3390_firmwarelatitude_7200inspiron_5480_firmwareinspiron_3590inspiron_5391_firmwarevostro_3480_firmwareinspiron_7590vostro_3580vostro_7590_firmwarexps_15_7590_firmwarevostro_3584inspiron_3490_firmwarexps_13_9380_firmwarewyse_5070_thin_client_firmwarelatitude_3301_firmwarelatitude_7490inspiron_5390vostro_3481_firmwareinspiron_3580latitude_5491g3_3579g3_3779inspiron_7386_firmwareinspiron_3581inspiron_7386latitude_5424_ruggedlatitude_5400Dell Client Consumer and Commercial Platforms
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-5357
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 19:20
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Action-Not Available
Vendor-Dell Inc.
Product-thunderbolt_dock_tb16dock_wd19_firmwarethunderbolt_dock_tb16_firmwareprecision_dual_usb-c_thunderbolt_dock_-_tb18dcdock_wd15dock_wd19precision_dual_usb-c_thunderbolt_dock_-_tb18dc_firmwaredock_wd15_firmwareCPG BIOS
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-34396
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.06% / 17.41%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 05:24
Updated-26 Mar, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorOpenManage Server Administrator (OMSA)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37142
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.10% / 28.23%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:19
Updated-08 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Managerperipheral_manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37130
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 01:34
Updated-09 Jan, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell OpenManage Server Administratoropenmanage_server_administrator
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37127
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.23%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:25
Updated-27 Aug, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Managerperipheral_manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-32857
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.10% / 28.23%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:37
Updated-08 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Managerperipheral_manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-21420
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.01% / 2.11%
||
7 Day CHG~0.00%
Published-23 Feb, 2026 | 14:01
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerRepository Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-22450
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 07:08
Updated-31 Jan, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)alienware_command_center
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-32498
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.22%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 20:55
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_command_line_interfacePowerStore
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-29092
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.91%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 20:05
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist Consumer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-5316
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.75%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:00
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-24426
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.72%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-42743
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.04%
||
7 Day CHG~0.00%
Published-06 May, 2022 | 16:36
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation via a default path in Splunk Enterprise Windows

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.

Action-Not Available
Vendor-Microsoft CorporationSplunk LLC (Cisco Systems, Inc.)
Product-windowssplunkSplunk Enterprise
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-28820
Matching Score-4
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:15
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO FTL Windows Platform Artifact Search vulnerability

The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-ftlwindowsTIBCO FTL - Community EditionTIBCO FTL - Enterprise EditionTIBCO FTL - Developer Edition
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-40596
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-7||HIGH
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-30 Aug, 2023 | 16:19
Updated-28 Feb, 2025 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)Microsoft Corporation
Product-windowssplunkSplunk Enterprisesplunk
CWE ID-CWE-665
Improper Initialization
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-5290
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-0.32% / 55.12%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 08:14
Updated-18 Sep, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

Action-Not Available
Vendor-w1.fiw1.fiCanonical Ltd.
Product-wpa_supplicantubuntu_linuxwpa_supplicantwpa_supplicant
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-65118
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.01% / 0.73%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 00:11
Updated-22 Jan, 2026 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVEVA Process Optimization Uncontrolled Search Path Element

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

Action-Not Available
Vendor-AVEVA
Product-process_optimizationProcess Optimization
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • Next
Details not found