8:["$","$L16",null,{"resData":{"success":true,"data":{"has_reported_cves":true,"has_vendors":true,"has_products":true,"cna_id":"CNA-2011-0004","short_name":"dell","organization_name":"Dell","hash":"3c8abc28e1e8d275c5757bc88156bb4d22b2a24318e046b6f7f94b90315cb794","scope":"Dell, Dell EMC, and VCE issues only.","email":"secure@dell.com","domain":"dell.com","country":"USA","policy_url":"https://www.dell.com/support/contents/us/en/04/article/product-support/self-support-knowledgebase/security-antivirus/alerts-vulnerabilities/dell-vulnerability-response-policy","is_root":false,"root":{},"top_level_root":{"shortName":"mitre","organizationName":"MITRE Corporation"},"type":["Vendor"],"roles":[{"role":"CNA","helpText":""}],"contact":[],"form":[],"org_ids":["c550e75a-17ff-4988-97f0-544cde3820fe"],"security_alerts":[],"security_advisories":[{"url":"https://www.dell.com/support/security/en-us","label":"Advisories"}],"resources":[]},"status":200},"orgId":"c550e75a-17ff-4988-97f0-544cde3820fe","reportedCVEsResponse":{"success":true,"data":{"previous_page":null,"next_page":"http://cvedetails-api.blockverse.tech/api/assigner_cves/50d0f415-c707-4733-9afc-8f6c0e9b3f82,8254265b-2729-46b6-b9e3-3dfca2d5bfca/?page=2","total_count":1999,"total_pages":40,"page_size":50,"current_page":1,"results":[{"cve_id":"CVE-2025-38743","title":null,"descriptions":[{"lang":"en","value":"Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.","supportingMedia":[{"type":"text/html","value":"Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"1.54%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["iDRAC Service Module (iSM)"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Buffer Access with Incorrect Length Value","cwe_id":"CWE-805"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","base_score":7.8,"base_severity":"HIGH","date_updated":"22 Aug, 2025 | 18:08","date_published":"21 Aug, 2025 | 18:46","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-38742","title":null,"descriptions":[{"lang":"en","value":"Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.","supportingMedia":[{"type":"text/html","value":"Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"0.95%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["iDRAC Service Module (iSM)"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Incorrect Permission Assignment for Critical Resource","cwe_id":"CWE-732"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","base_score":5.3,"base_severity":"MEDIUM","date_updated":"22 Aug, 2025 | 18:08","date_published":"21 Aug, 2025 | 18:42","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-21110","title":null,"descriptions":[{"lang":"en","value":"Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.","supportingMedia":[{"type":"text/html","value":"Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.02%","epss_percentile":"2.85%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Data Lakehouse"],"adp_products":[],"nvd_products":["data_lakehouse"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Execution with Unnecessary Privileges","cwe_id":"CWE-250"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H","base_score":6.7,"base_severity":"MEDIUM","date_updated":"18 Aug, 2025 | 14:59","date_published":"14 Aug, 2025 | 18:11","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36613","title":null,"descriptions":[{"lang":"en","value":"SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.","supportingMedia":[{"type":"text/html","value":"SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"1.54%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["SupportAssist for Home PCs"],"adp_products":[],"nvd_products":["supportassist_for_business_pcs","supportassist_for_home_pcs"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Incorrect Privilege Assignment","cwe_id":"CWE-266"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","base_score":2.8,"base_severity":"LOW","date_updated":"18 Aug, 2025 | 18:12","date_published":"14 Aug, 2025 | 14:46","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36612","title":null,"descriptions":[{"lang":"en","value":"SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.","supportingMedia":[{"type":"text/html","value":"SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"1.19%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["SupportAssist for Business PCs"],"adp_products":[],"nvd_products":["supportassist_for_business_pcs"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Incorrect Privilege Assignment","cwe_id":"CWE-266"}],"vector_string":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","base_score":6.7,"base_severity":"MEDIUM","date_updated":"18 Aug, 2025 | 18:14","date_published":"14 Aug, 2025 | 14:42","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-38738","title":null,"descriptions":[{"lang":"en","value":"SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.","supportingMedia":[{"type":"text/html","value":"SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"1.19%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["SupportAssist for Home PCs"],"adp_products":[],"nvd_products":["supportassist_for_home_pcs"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Incorrect Privilege Assignment","cwe_id":"CWE-266"}],"vector_string":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","base_score":6.7,"base_severity":"MEDIUM","date_updated":"18 Aug, 2025 | 18:07","date_published":"14 Aug, 2025 | 14:36","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-38745","title":null,"descriptions":[{"lang":"en","value":"Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.","supportingMedia":[{"type":"text/html","value":"Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.03%","epss_percentile":"7.61%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["OpenManage Enterprise"],"adp_products":[],"nvd_products":["openmanage_enterprise"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Insertion of Sensitive Information into Log File","cwe_id":"CWE-532"}],"vector_string":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","base_score":4.8,"base_severity":"MEDIUM","date_updated":"19 Aug, 2025 | 19:12","date_published":"14 Aug, 2025 | 14:29","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-26484","title":null,"descriptions":[{"lang":"en","value":"Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.","supportingMedia":[{"type":"text/html","value":"Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.05%","epss_percentile":"14.24%","epss_7_day_change":"0.01%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["CloudLink"],"adp_products":[],"nvd_products":["cloudlink"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Restriction of XML External Entity Reference","cwe_id":"CWE-611"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H","base_score":5.5,"base_severity":"MEDIUM","date_updated":"18 Aug, 2025 | 18:20","date_published":"14 Aug, 2025 | 14:24","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36581","title":null,"descriptions":[{"lang":"en","value":"Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.","supportingMedia":[{"type":"text/html","value":"Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"1.43%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerEdge"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Access of Memory Location After End of Buffer","cwe_id":"CWE-788"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","base_score":3.8,"base_severity":"LOW","date_updated":"15 Aug, 2025 | 13:13","date_published":"14 Aug, 2025 | 14:00","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-38746","title":null,"descriptions":[{"lang":"en","value":"Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.","supportingMedia":[{"type":"text/html","value":"Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.02%","epss_percentile":"4.34%","epss_7_day_change":"-0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["SupportAssist OS Recovery"],"adp_products":[],"nvd_products":["supportassist_os_recovery"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Exposure of Sensitive Information to an Unauthorized Actor","cwe_id":"CWE-200"}],"vector_string":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","base_score":3.5,"base_severity":"LOW","date_updated":"18 Aug, 2025 | 15:38","date_published":"06 Aug, 2025 | 19:53","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-38747","title":null,"descriptions":[{"lang":"en","value":"Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.","supportingMedia":[{"type":"text/html","value":"Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"1.13%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["SupportAssist OS Recovery"],"adp_products":[],"nvd_products":["supportassist_os_recovery"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Creation of Temporary File With Insecure Permissions","cwe_id":"CWE-378"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","base_score":7.8,"base_severity":"HIGH","date_updated":"18 Aug, 2025 | 15:36","date_published":"06 Aug, 2025 | 19:48","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-26476","title":null,"descriptions":[{"lang":"en","value":"Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.","supportingMedia":[{"type":"text/html","value":"Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.03%","epss_percentile":"6.78%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["ECS","ObjectScale"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Use of Hard-coded Cryptographic Key","cwe_id":"CWE-321"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","base_score":8.4,"base_severity":"HIGH","date_updated":"07 Aug, 2025 | 03:55","date_published":"04 Aug, 2025 | 18:44","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-21120","title":null,"descriptions":[{"lang":"en","value":"Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.","supportingMedia":[{"type":"text/html","value":"Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.05%","epss_percentile":"13.43%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Avamar Data Store Gen4T","Avamar Virtual Edition for VMware vSphere only","Avamar Data Store Gen5A","Avamar Virtual Edition for VMware ESXi and vSphere"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Trusting HTTP Permission Methods on the Server Side","cwe_id":"CWE-650"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","base_score":8.3,"base_severity":"HIGH","date_updated":"07 Aug, 2025 | 03:55","date_published":"04 Aug, 2025 | 18:33","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-38741","title":null,"descriptions":[{"lang":"en","value":"Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.","supportingMedia":[{"type":"text/html","value":"Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.05%","epss_percentile":"15.93%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Enterprise SONiC OS"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Use of Hard-coded Cryptographic Key","cwe_id":"CWE-321"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","base_score":7.5,"base_severity":"HIGH","date_updated":"05 Aug, 2025 | 15:47","date_published":"04 Aug, 2025 | 18:22","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-38739","title":null,"descriptions":[{"lang":"en","value":"Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.","supportingMedia":[{"type":"text/html","value":"Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.05%","epss_percentile":"13.29%","epss_7_day_change":"-0.05%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Dell Digital Delivery"],"adp_products":[],"nvd_products":["digital_delivery"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Insufficiently Protected Credentials","cwe_id":"CWE-522"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L","base_score":7.2,"base_severity":"HIGH","date_updated":"18 Aug, 2025 | 15:41","date_published":"04 Aug, 2025 | 15:53","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-30099","title":null,"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.","supportingMedia":[{"type":"text/html","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.06%","epss_percentile":"19.57%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerProtect Data Domain LTS 2023","PowerProtect Data Domain Feature Release","PowerProtect Data Domain LTS2024"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cwe_id":"CWE-78"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","base_score":7.8,"base_severity":"HIGH","date_updated":"12 Aug, 2025 | 03:55","date_published":"04 Aug, 2025 | 14:47","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-30098","title":null,"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.","supportingMedia":[{"type":"text/html","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.05%","epss_percentile":"13.66%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerProtect Data Domain LTS 2023","PowerProtect Data Domain Feature Release","PowerProtect Data Domain LTS2024"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cwe_id":"CWE-78"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","base_score":6.7,"base_severity":"MEDIUM","date_updated":"12 Aug, 2025 | 03:55","date_published":"04 Aug, 2025 | 14:42","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-30097","title":null,"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges","supportingMedia":[{"type":"text/html","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.05%","epss_percentile":"13.66%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerProtect Data Domain LTS 2023","PowerProtect Data Domain Feature Release","PowerProtect Data Domain LTS2024"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cwe_id":"CWE-78"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","base_score":6.7,"base_severity":"MEDIUM","date_updated":"12 Aug, 2025 | 03:55","date_published":"04 Aug, 2025 | 14:38","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-30096","title":null,"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.","supportingMedia":[{"type":"text/html","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.05%","epss_percentile":"13.66%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerProtect Data Domain LTS 2023","PowerProtect Data Domain Feature Release","PowerProtect Data Domain LTS2024"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cwe_id":"CWE-78"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","base_score":6.7,"base_severity":"MEDIUM","date_updated":"12 Aug, 2025 | 03:55","date_published":"04 Aug, 2025 | 14:32","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36594","title":null,"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.","supportingMedia":[{"type":"text/html","value":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.15%","epss_percentile":"36.45%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerProtect Data Domain LTS 2023","PowerProtect Data Domain Feature Release","PowerProtect Data Domain LTS2024"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Authentication Bypass by Spoofing","cwe_id":"CWE-290"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","base_score":9.8,"base_severity":"CRITICAL","date_updated":"12 Aug, 2025 | 03:55","date_published":"04 Aug, 2025 | 14:25","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36607","title":null,"descriptions":[{"lang":"en","value":"Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.","supportingMedia":[{"type":"text/html","value":"Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.04%","epss_percentile":"9.44%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Unity"],"adp_products":[],"nvd_products":["unity_operating_environment"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cwe_id":"CWE-78"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","base_score":7.8,"base_severity":"HIGH","date_updated":"15 Aug, 2025 | 16:08","date_published":"04 Aug, 2025 | 14:12","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36606","title":null,"descriptions":[{"lang":"en","value":"Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.","supportingMedia":[{"type":"text/html","value":"Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.04%","epss_percentile":"9.44%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Unity"],"adp_products":[],"nvd_products":["unity_operating_environment"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cwe_id":"CWE-78"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","base_score":7.8,"base_severity":"HIGH","date_updated":"15 Aug, 2025 | 16:09","date_published":"04 Aug, 2025 | 14:09","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36605","title":null,"descriptions":[{"lang":"en","value":"Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.","supportingMedia":[{"type":"text/html","value":"Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.08%","epss_percentile":"24.52%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Unity"],"adp_products":[],"nvd_products":["unity_operating_environment"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cwe_id":"CWE-79"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","base_score":6.1,"base_severity":"MEDIUM","date_updated":"15 Aug, 2025 | 16:10","date_published":"04 Aug, 2025 | 14:04","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36604","title":null,"descriptions":[{"lang":"en","value":"Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.","supportingMedia":[{"type":"text/html","value":"Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.73%","epss_percentile":"71.66%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Unity"],"adp_products":[],"nvd_products":["unity_operating_environment"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cwe_id":"CWE-78"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","base_score":7.3,"base_severity":"HIGH","date_updated":"15 Aug, 2025 | 16:10","date_published":"04 Aug, 2025 | 14:00","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-30103","title":null,"descriptions":[{"lang":"en","value":"Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.","supportingMedia":[{"type":"text/html","value":"Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"1.60%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["SmartFabric OS10 Software"],"adp_products":[],"nvd_products":["smartfabric_os10"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Files or Directories Accessible to External Parties","cwe_id":"CWE-552"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","base_score":5.5,"base_severity":"MEDIUM","date_updated":"06 Aug, 2025 | 14:28","date_published":"30 Jul, 2025 | 18:18","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36609","title":null,"descriptions":[{"lang":"en","value":"Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.","supportingMedia":[{"type":"text/html","value":"Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"1.15%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["SmartFabric OS10 Software"],"adp_products":[],"nvd_products":["smartfabric_os10"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Use of Hard-coded Password","cwe_id":"CWE-259"}],"vector_string":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","base_score":2.5,"base_severity":"LOW","date_updated":"06 Aug, 2025 | 14:28","date_published":"30 Jul, 2025 | 18:14","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36608","title":null,"descriptions":[{"lang":"en","value":"Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.","supportingMedia":[{"type":"text/html","value":"Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.06%","epss_percentile":"18.54%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["SmartFabric OS10 Software"],"adp_products":[],"nvd_products":["smartfabric_os10"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Restriction of XML External Entity Reference","cwe_id":"CWE-611"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","base_score":6.5,"base_severity":"MEDIUM","date_updated":"06 Aug, 2025 | 14:28","date_published":"30 Jul, 2025 | 18:09","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-30480","title":null,"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.","supportingMedia":[{"type":"text/html","value":"Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.05%","epss_percentile":"15.28%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerProtect Data Manager"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Input Validation","cwe_id":"CWE-20"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","base_score":6.5,"base_severity":"MEDIUM","date_updated":"31 Jul, 2025 | 18:42","date_published":"30 Jul, 2025 | 18:01","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-26332","title":null,"descriptions":[{"lang":"en","value":"TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.","supportingMedia":[{"type":"text/html","value":"TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"1.79%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["TechAdvisor"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Insertion of Sensitive Information into Log File","cwe_id":"CWE-532"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","base_score":8.8,"base_severity":"HIGH","date_updated":"05 Aug, 2025 | 03:56","date_published":"30 Jul, 2025 | 17:55","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-30105","title":null,"descriptions":[{"lang":"en","value":"Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.","supportingMedia":[{"type":"text/html","value":"Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"1.79%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["XtremIO"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Insertion of Sensitive Information into Log File","cwe_id":"CWE-532"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","base_score":8.8,"base_severity":"HIGH","date_updated":"05 Aug, 2025 | 03:56","date_published":"30 Jul, 2025 | 17:50","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36611","title":null,"descriptions":[{"lang":"en","value":"Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.","supportingMedia":[{"type":"text/html","value":"Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.01%","epss_percentile":"0.68%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Encryption","Security Management Server"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Link Resolution Before File Access ('Link Following')","cwe_id":"CWE-59"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","base_score":7.3,"base_severity":"HIGH","date_updated":"05 Aug, 2025 | 03:56","date_published":"30 Jul, 2025 | 16:18","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-30477","title":null,"descriptions":[{"lang":"en","value":"Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.","supportingMedia":[{"type":"text/html","value":"Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.02%","epss_percentile":"2.89%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerScale OneFS"],"adp_products":[],"nvd_products":["powerscale_onefs"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Use of a Broken or Risky Cryptographic Algorithm","cwe_id":"CWE-327"}],"vector_string":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","base_score":4.4,"base_severity":"MEDIUM","date_updated":"06 Aug, 2025 | 14:33","date_published":"21 Jul, 2025 | 16:32","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-32744","title":null,"descriptions":[{"lang":"en","value":"Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.","supportingMedia":[{"type":"text/html","value":"Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.26%","epss_percentile":"49.30%","epss_7_day_change":"0.02%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["AppSync"],"adp_products":[],"nvd_products":["appsync"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Unrestricted Upload of File with Dangerous Type","cwe_id":"CWE-434"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L","base_score":6.6,"base_severity":"MEDIUM","date_updated":"06 Aug, 2025 | 14:32","date_published":"21 Jul, 2025 | 16:25","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36603","title":null,"descriptions":[{"lang":"en","value":"Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.","supportingMedia":[{"type":"text/html","value":"Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.\n\n
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.02%","epss_percentile":"3.44%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["AppSync"],"adp_products":[],"nvd_products":["appsync"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Restriction of XML External Entity Reference","cwe_id":"CWE-611"}],"vector_string":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L","base_score":4.2,"base_severity":"MEDIUM","date_updated":"06 Aug, 2025 | 14:30","date_published":"21 Jul, 2025 | 16:20","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-30483","title":null,"descriptions":[{"lang":"en","value":"Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.","supportingMedia":[{"type":"text/html","value":"Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.02%","epss_percentile":"2.22%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["ECS","ObjectScale"],"adp_products":[],"nvd_products":["elastic_cloud_storage","objectscale"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Insertion of Sensitive Information into Log File","cwe_id":"CWE-532"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","base_score":5.5,"base_severity":"MEDIUM","date_updated":"02 Aug, 2025 | 01:26","date_published":"15 Jul, 2025 | 14:30","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36599","title":null,"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.","supportingMedia":[{"type":"text/html","value":"Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.03%","epss_percentile":"8.43%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerFlex Manager VM"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Insertion of Sensitive Information into Log File","cwe_id":"CWE-532"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","base_score":4.3,"base_severity":"MEDIUM","date_updated":"10 Jul, 2025 | 13:17","date_published":"09 Jul, 2025 | 18:30","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36600","title":null,"descriptions":[{"lang":"en","value":"Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.","supportingMedia":[{"type":"text/html","value":"Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.02%","epss_percentile":"2.38%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Client Platform BIOS"],"adp_products":[],"nvd_products":["latitude_12_rugged_extreme_7214_firmware","latitude_12_rugged_extreme_7214"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Access Control Applied to Mirrored or Aliased Memory Regions","cwe_id":"CWE-1257"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","base_score":8.2,"base_severity":"HIGH","date_updated":"18 Aug, 2025 | 18:55","date_published":"08 Jul, 2025 | 14:17","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36582","title":null,"descriptions":[{"lang":"en","value":"Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.","supportingMedia":[{"type":"text/html","value":"Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.10%","epss_percentile":"28.14%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["NetWorker"],"adp_products":[],"nvd_products":["networker"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')","cwe_id":"CWE-757"}],"vector_string":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","base_score":4.8,"base_severity":"MEDIUM","date_updated":"14 Aug, 2025 | 20:53","date_published":"01 Jul, 2025 | 13:12","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36593","title":null,"descriptions":[{"lang":"en","value":"Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request.","supportingMedia":[{"type":"text/html","value":"Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.05%","epss_percentile":"16.43%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["OpenManage Network Integration"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Authentication Bypass by Capture-replay","cwe_id":"CWE-294"}],"vector_string":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","base_score":8.8,"base_severity":"HIGH","date_updated":"03 Jul, 2025 | 15:14","date_published":"30 Jun, 2025 | 18:29","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36595","title":null,"descriptions":[{"lang":"en","value":"Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.","supportingMedia":[{"type":"text/html","value":"Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.10%","epss_percentile":"28.96%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Unisphere for PowerMax vApp"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')","cwe_id":"CWE-96"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","base_score":7.2,"base_severity":"HIGH","date_updated":"30 Jun, 2025 | 18:38","date_published":"27 Jun, 2025 | 13:51","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2024-53298","title":null,"descriptions":[{"lang":"en","value":"Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.","supportingMedia":[{"type":"text/html","value":"Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.20%","epss_percentile":"41.83%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerScale OneFS"],"adp_products":[],"nvd_products":["powerscale_onefs"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Missing Authorization","cwe_id":"CWE-862"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","base_score":9.8,"base_severity":"CRITICAL","date_updated":"11 Jul, 2025 | 12:36","date_published":"20 Jun, 2025 | 13:51","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-32753","title":null,"descriptions":[{"lang":"en","value":"Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering.","supportingMedia":[{"type":"text/html","value":"Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.02%","epss_percentile":"3.11%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["PowerScale OneFS"],"adp_products":[],"nvd_products":["powerscale_onefs"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","cwe_id":"CWE-89"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","base_score":5.3,"base_severity":"MEDIUM","date_updated":"11 Jul, 2025 | 12:34","date_published":"20 Jun, 2025 | 13:46","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-27689","title":null,"descriptions":[{"lang":"en","value":"Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.","supportingMedia":[{"type":"text/html","value":"Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.02%","epss_percentile":"2.81%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["iDRAC Tools"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Access Control","cwe_id":"CWE-284"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","base_score":7.8,"base_severity":"HIGH","date_updated":"16 Jun, 2025 | 12:32","date_published":"12 Jun, 2025 | 20:36","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36573","title":null,"descriptions":[{"lang":"en","value":"Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure.","supportingMedia":[{"type":"text/html","value":"Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.02%","epss_percentile":"3.09%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Smart Dock"],"adp_products":[],"nvd_products":[],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Insertion of Sensitive Information into Log File","cwe_id":"CWE-532"}],"vector_string":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","base_score":7.1,"base_severity":"HIGH","date_updated":"16 Jun, 2025 | 12:32","date_published":"12 Jun, 2025 | 15:18","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36576","title":null,"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.","supportingMedia":[{"type":"text/html","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.03%","epss_percentile":"5.20%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Wyse Management Suite"],"adp_products":[],"nvd_products":["wyse_management_suite"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Cross-Site Request Forgery (CSRF)","cwe_id":"CWE-352"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","base_score":2.7,"base_severity":"LOW","date_updated":"11 Jul, 2025 | 15:25","date_published":"10 Jun, 2025 | 17:48","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36577","title":null,"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.","supportingMedia":[{"type":"text/html","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.04%","epss_percentile":"11.55%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Wyse Management Suite"],"adp_products":[],"nvd_products":["wyse_management_suite"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cwe_id":"CWE-79"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N","base_score":6.1,"base_severity":"MEDIUM","date_updated":"11 Jul, 2025 | 15:26","date_published":"10 Jun, 2025 | 17:43","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36580","title":null,"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection","supportingMedia":[{"type":"text/html","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.04%","epss_percentile":"10.74%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Wyse Management Suite"],"adp_products":[],"nvd_products":["wyse_management_suite"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cwe_id":"CWE-79"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N","base_score":6.1,"base_severity":"MEDIUM","date_updated":"11 Jul, 2025 | 15:30","date_published":"10 Jun, 2025 | 17:39","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36578","title":null,"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.","supportingMedia":[{"type":"text/html","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.05%","epss_percentile":"16.30%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Wyse Management Suite"],"adp_products":[],"nvd_products":["wyse_management_suite"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Incorrect Authorization","cwe_id":"CWE-863"}],"vector_string":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","base_score":6.8,"base_severity":"MEDIUM","date_updated":"11 Jul, 2025 | 15:26","date_published":"10 Jun, 2025 | 17:34","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36574","title":null,"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.","supportingMedia":[{"type":"text/html","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.46%","epss_percentile":"63.29%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Wyse Management Suite"],"adp_products":[],"nvd_products":["wyse_management_suite"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Absolute Path Traversal","cwe_id":"CWE-36"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","base_score":8.2,"base_severity":"HIGH","date_updated":"11 Jul, 2025 | 15:25","date_published":"10 Jun, 2025 | 17:27","date_rejected":null,"yt_videos":null},{"cve_id":"CVE-2025-36575","title":null,"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.","supportingMedia":[{"type":"text/html","value":"Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
","base64":false}]}],"cna_name":"Dell","org_id":"c550e75a-17ff-4988-97f0-544cde3820fe","source_identifier":"security_alert@emc.com","epss_score":"0.09%","epss_percentile":"25.59%","epss_7_day_change":"0.00%","is_kev":false,"required_action":null,"due_date":null,"cna_vendors":[],"adp_vendors":[],"nvd_vendors":[],"cisa_vendors":[],"boss_vendors":["Dell Inc."],"cna_products":["Wyse Management Suite"],"adp_products":[],"nvd_products":["wyse_management_suite"],"cisa_products":[],"boss_products":[],"cwes":[{"name":"Exposure of Sensitive Information Through Data Queries","cwe_id":"CWE-202"}],"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","base_score":7.5,"base_severity":"HIGH","date_updated":"11 Jul, 2025 | 15:25","date_published":"10 Jun, 2025 | 17:19","date_rejected":null,"yt_videos":null}]},"status":200}}]

Dell

Short Name

Program Role

Top Level Root

Security Advisories

Domain

Country

Scope