Vulnerabilities (CVE)

Filtered by vendor Dell Subscribe
Total 968 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21585 1 Dell 1 Openmanage Enterprise 2021-08-13 9.0 HIGH 7.2 HIGH
Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands.
CVE-2021-21562 1 Dell 1 Emc Powerscale Onefs 2021-08-11 2.1 LOW 4.4 MEDIUM
Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control.
CVE-2021-21553 1 Dell 1 Powerscale Onefs 2021-08-11 7.2 HIGH 8.8 HIGH
Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.
CVE-2021-21563 1 Dell 1 Emc Powerscale Onefs 2021-08-11 4.0 MEDIUM 6.5 MEDIUM
Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges to trigger a denial of service event.
CVE-2021-21577 1 Dell 1 Emc Idrac9 Firmware 2021-08-09 4.3 MEDIUM 6.1 MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
CVE-2021-21578 1 Dell 1 Emc Idrac9 Firmware 2021-08-09 5.8 MEDIUM 6.1 MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2021-21579 1 Dell 1 Emc Idrac9 Firmware 2021-08-09 5.8 MEDIUM 6.1 MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2021-21580 1 Dell 2 Emc Idrac8 Firmware, Emc Idrac9 Firmware 2021-08-09 4.3 MEDIUM 4.3 MEDIUM
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.
CVE-2021-21581 1 Dell 1 Emc Idrac9 Firmware 2021-08-09 4.3 MEDIUM 6.1 MEDIUM
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
CVE-2021-21576 1 Dell 1 Emc Idrac9 Firmware 2021-08-09 4.3 MEDIUM 6.1 MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
CVE-2020-5353 1 Dell 2 Emc Isilon Onefs, Emc Powerscale Onefs 2021-08-06 9.0 HIGH 8.8 HIGH
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.
CVE-2021-21538 1 Dell 1 Idrac9 Firmware 2021-08-06 7.5 HIGH 10.0 CRITICAL
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.
CVE-2020-26180 1 Dell 2 Emc Isilon Onefs, Emc Powerscale Onefs 2021-08-06 6.5 MEDIUM 8.8 HIGH
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.
CVE-2020-5329 1 Dell 1 Emc Avamar Server 2021-08-06 5.8 MEDIUM 6.1 MEDIUM
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2020-5341 1 Dell 2 Emc Avamar Server, Emc Integrated Data Protection Appliance Firmware 2021-08-05 10.0 HIGH 9.8 CRITICAL
Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.
CVE-2021-21546 1 Dell 1 Emc Networker 2021-08-05 2.1 LOW 5.5 MEDIUM
Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.
CVE-2016-6645 2 Dell, Emc 3 Emc Unisphere, Solutions Enabler, Unisphere 2021-08-05 9.0 HIGH 8.8 HIGH
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class.
CVE-2016-6646 2 Dell, Emc 3 Emc Unisphere, Solutions Enabler, Unisphere 2021-08-05 10.0 HIGH 9.8 CRITICAL
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.
CVE-2013-3287 1 Dell 1 Emc Unisphere 2021-08-05 1.9 LOW N/A
EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.
CVE-2016-0889 1 Dell 1 Emc Unisphere 2021-08-05 10.0 HIGH 9.8 CRITICAL
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.