Filtered by vendor Dell
Subscribe
Total
1199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21553 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest. | |||||
| CVE-2021-21552 | 2 Dell, Microsoft | 4 Wyse 5070 Thin Client, Wyse 5470 All-in-one Thin Client, Wyse 5470 Thin Client and 1 more | 2024-11-21 | 7.2 HIGH | 5.2 MEDIUM |
| Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system. | |||||
| CVE-2021-21550 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.2 HIGH | 6.0 MEDIUM |
| Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | |||||
| CVE-2021-21549 | 1 Dell | 3 Xtremio Management Server, Xtremio X1, Xtremio X2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations. | |||||
| CVE-2021-21548 | 1 Dell | 3 Emc Unisphere For Powermax, Emc Unisphere For Powermax Virtual Appliance, Powermax Os | 2024-11-21 | N/A | 7.4 HIGH |
| Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. | |||||
| CVE-2021-21547 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 2.1 LOW | 6.4 MEDIUM |
| Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | |||||
| CVE-2021-21546 | 1 Dell | 1 Emc Networker | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files. | |||||
| CVE-2021-21545 | 1 Dell | 1 Peripheral Manager | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user. | |||||
| CVE-2021-21544 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. | |||||
| CVE-2021-21543 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2021-21542 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2021-21541 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2021-21540 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 5.5 MEDIUM | 5.9 MEDIUM |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload. | |||||
| CVE-2021-21539 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 4.6 MEDIUM | 5.9 MEDIUM |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface. | |||||
| CVE-2021-21538 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 7.5 HIGH | 9.6 CRITICAL |
| Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console. | |||||
| CVE-2021-21537 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system. | |||||
| CVE-2021-21536 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information. | |||||
| CVE-2021-21535 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 7.2 HIGH | 7.4 HIGH |
| Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system. | |||||
| CVE-2021-21534 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API. | |||||
| CVE-2021-21533 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details | |||||