Filtered by vendor Dell
Subscriptions
Total
1196 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21539 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 5.9 Medium |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface. | ||||
| CVE-2021-21538 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 9.6 Critical |
| Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console. | ||||
| CVE-2021-21537 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 6.2 Medium |
| Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system. | ||||
| CVE-2021-21536 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 6.2 Medium |
| Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information. | ||||
| CVE-2021-21535 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 7.4 High |
| Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system. | ||||
| CVE-2021-21534 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 4 Medium |
| Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API. | ||||
| CVE-2021-21533 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 4.3 Medium |
| Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details | ||||
| CVE-2021-21532 | 1 Dell | 1 Wyse Thinos | 2024-11-21 | 5 Medium |
| Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. | ||||
| CVE-2021-21531 | 1 Dell | 5 Powermax Os, Solutions Enabler, Solutions Enabler Virtual Appliance and 2 more | 2024-11-21 | 8.1 High |
| Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions. | ||||
| CVE-2021-21530 | 1 Dell | 1 Openmanage Enterprise-modular | 2024-11-21 | 8.3 High |
| Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege. | ||||
| CVE-2021-21529 | 1 Dell | 1 System Update | 2024-11-21 | 3.8 Low |
| Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. | ||||
| CVE-2021-21528 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.5 High |
| Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions. | ||||
| CVE-2021-21527 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6 Medium |
| Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | ||||
| CVE-2021-21526 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 6 Medium |
| Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root. | ||||
| CVE-2021-21524 | 1 Dell | 2 Storage Monitoring And Reporting, Storage Resource Manager | 2024-11-21 | 9.8 Critical |
| Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers. | ||||
| CVE-2021-21522 | 1 Dell | 56 Latitude 5285 2-in-1, Latitude 5285 2-in-1 Firmware, Latitude 5289 2-in-1 and 53 more | 2024-11-21 | 8.2 High |
| Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface. | ||||
| CVE-2021-21518 | 1 Dell | 3 Supportassist Client Promanage, Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 7.8 High |
| Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. | ||||
| CVE-2021-21517 | 1 Dell | 1 Emc Srs Policy Manager | 2024-11-21 | 7.2 High |
| SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service. | ||||
| CVE-2021-21515 | 1 Dell | 1 Emc Sourceone | 2024-11-21 | 9 Critical |
| Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server. | ||||
| CVE-2021-21514 | 1 Dell | 1 Openmanage Server Administrator | 2024-11-21 | 4.9 Medium |
| Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. | ||||