Vulnerabilities (CVE)

Filtered by vendor Dell Subscribe
Total 968 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21536 1 Dell 1 Hybrid Client 2021-05-06 2.1 LOW 5.5 MEDIUM
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information.
CVE-2021-21526 1 Dell 1 Powerscale Onefs 2021-04-27 7.2 HIGH 6.7 MEDIUM
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.
CVE-2021-21545 1 Dell 1 Peripheral Manager 2021-04-26 7.2 HIGH 7.8 HIGH
Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.
CVE-2016-6257 4 Amazonbasics, Dell, Lenovo and 1 more 14 Firmware, Usb Dongle, Wireless Keyboard and 11 more 2021-04-22 3.3 LOW 6.5 MEDIUM
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
CVE-2021-21524 1 Dell 2 Storage Monitoring And Reporting, Storage Resource Manager 2021-04-22 10.0 HIGH 9.8 CRITICAL
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers.
CVE-2021-21533 1 Dell 1 Wyse Management Suite 2021-04-08 4.0 MEDIUM 4.3 MEDIUM
Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details
CVE-2021-21529 1 Dell 1 System Update 2021-04-08 4.9 MEDIUM 5.5 MEDIUM
Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application.
CVE-2021-21518 1 Dell 3 Supportassist Client Promanage, Supportassist For Business Pcs, Supportassist For Home Pcs 2021-03-19 7.2 HIGH 7.8 HIGH
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.
CVE-2021-21506 1 Dell 1 Emc Powerscale Onefs 2021-03-12 6.5 MEDIUM 8.8 HIGH
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation.
CVE-2021-21503 1 Dell 1 Emc Powerscale Onefs 2021-03-12 4.6 MEDIUM 7.8 HIGH
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.
CVE-2021-21514 1 Dell 1 Openmanage Server Administrator 2021-03-09 4.0 MEDIUM 4.9 MEDIUM
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.
CVE-2021-21515 1 Dell 1 Emc Sourceone 2021-03-08 3.5 LOW 5.4 MEDIUM
Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server.
CVE-2021-21517 1 Dell 1 Emc Srs Policy Manager 2021-03-08 6.4 MEDIUM 7.2 HIGH
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.
CVE-2021-21512 1 Dell 1 Emc Powerprotect Cyber Recovery 2021-02-25 3.6 LOW 6.0 MEDIUM
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.
CVE-2020-26196 1 Dell 1 Emc Powerscale Onefs 2021-02-12 2.1 LOW 5.5 MEDIUM
Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location.
CVE-2020-26194 1 Dell 1 Emc Powerscale Onefs 2021-02-12 4.6 MEDIUM 7.8 HIGH
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.
CVE-2020-26193 1 Dell 1 Emc Powerscale Onefs 2021-02-12 7.2 HIGH 7.8 HIGH
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
CVE-2020-26192 1 Dell 1 Emc Powerscale Onefs 2021-02-12 4.6 MEDIUM 7.8 HIGH
Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.
CVE-2020-5361 1 Dell 1 Cpg Bios 2021-01-29 7.2 HIGH 7.6 HIGH
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.
CVE-2020-29495 1 Dell 2 Emc Avamar Server, Emc Integrated Data Protection Appliance 2021-01-21 10.0 HIGH 10.0 CRITICAL
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.