Filtered by vendor Dell
Subscribe
Total
1209 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8011 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system. | |||||
| CVE-2017-14375 | 2 Dell, Emc | 4 Emc Unisphere, Solutions Enabler, Vasa and 1 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2015-7273 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | |||||
| CVE-2015-7274 | 1 Dell | 2 Integrated Remote Access Controller 6, Integrated Remote Access Controller Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | |||||
| CVE-2015-4057 | 1 Dell | 1 Vce Vision Intelligent Operations | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. | |||||
| CVE-2017-10949 | 1 Dell | 1 Storage Manager 2016 | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459. | |||||
| CVE-2016-8216 | 1 Dell | 1 Emc Data Domain Os | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-4997 | 1 Dell | 1 Emc Vasa Provider Virtual Appliance | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2015-7272 | 1 Dell | 4 Integrated Remote Access Controller 6, Integrated Remote Access Controller 7, Integrated Remote Access Controller 8 and 1 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. | |||||
| CVE-2017-8001 | 2 Dell, Linux | 2 Emc Scaleio, Linux Kernel | 2025-04-20 | 2.1 LOW | 8.4 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. | |||||
| CVE-2017-14386 | 1 Dell | 4 2335dn, 2335dn Firmware, 2355dn and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. | |||||
| CVE-2016-8217 | 1 Dell | 1 Bsafe Crypto-j | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601. | |||||
| CVE-2016-9683 | 1 Dell | 1 Sonicwall Secure Remote Access Server | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195. | |||||
| CVE-2015-7270 | 1 Dell | 4 Integrated Remote Access Controller 6, Integrated Remote Access Controller 7, Integrated Remote Access Controller 8 and 1 more | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. | |||||
| CVE-2017-8012 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities. | |||||
| CVE-2016-9684 | 1 Dell | 1 Sonicwall Secure Remote Access Server | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. | |||||
| CVE-2017-4983 | 1 Dell | 1 Emc Data Domain Os | 2025-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. | |||||
| CVE-2015-0536 | 1 Dell | 2 Bsafe, Bsafe Ssl-c | 2025-04-12 | 4.3 MEDIUM | 7.5 HIGH |
| EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787. | |||||
| CVE-2016-0912 | 1 Dell | 1 Emc Data Domain Os | 2025-04-12 | 9.0 HIGH | 9.8 CRITICAL |
| EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation. | |||||
| CVE-2016-6645 | 2 Dell, Emc | 3 Emc Unisphere, Solutions Enabler, Unisphere | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. | |||||