Filtered by vendor Dell
Subscriptions
Total
1077 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-28979 | 1 Dell | 1 Openmanage Enterprise | 2024-11-21 | 5.1 Medium |
Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | ||||
CVE-2024-28978 | 1 Dell | 1 Openmanage Enterprise | 2024-11-21 | 5.2 Medium |
Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources. | ||||
CVE-2024-28970 | 1 Dell | 28 G7 7500, G7 7500 Firmware, G7 7700 and 25 more | 2024-11-21 | 4.7 Medium |
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. | ||||
CVE-2024-28969 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | 4.3 Medium |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources. | ||||
CVE-2024-28968 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | 5.4 Medium |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | ||||
CVE-2024-28967 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | 5.4 Medium |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | ||||
CVE-2024-28966 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | 5.4 Medium |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | ||||
CVE-2024-28965 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | 5.4 Medium |
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | ||||
CVE-2024-28964 | 1 Dell | 1 Common Event Enabler | 2024-11-21 | 7.8 High |
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file. | ||||
CVE-2024-25958 | 1 Dell | 1 Grab For Windows | 2024-11-21 | 6.7 Medium |
Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption. | ||||
CVE-2024-25956 | 1 Dell | 1 Grab | 2024-11-21 | 5.5 Medium |
Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information. | ||||
CVE-2024-25949 | 1 Dell | 1 Networking Os10 | 2024-11-21 | 8.8 High |
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges. | ||||
CVE-2024-22464 | 1 Dell | 1 Emc Appsync | 2024-11-21 | 6.2 Medium |
Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | ||||
CVE-2024-22455 | 1 Dell | 1 E-lab Navigator | 2024-11-21 | 4.4 Medium |
Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks. | ||||
CVE-2024-22454 | 1 Dell | 1 Powerprotect Data Manager | 2024-11-21 | 8.8 High |
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change | ||||
CVE-2024-22449 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 6.6 Medium |
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access. | ||||
CVE-2024-22445 | 1 Dell | 1 Powerprotect Data Manager | 2024-11-21 | 7.2 High |
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | ||||
CVE-2024-22433 | 1 Dell | 1 Data Protection Search | 2024-11-21 | 8.8 High |
Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices. | ||||
CVE-2024-22432 | 1 Dell | 1 Networker | 2024-11-21 | 7.8 High |
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. | ||||
CVE-2024-22430 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 5.5 Medium |
Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service. |