The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2023-39256 | Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system. | -- | Dec 3, 2023 | n/a |
CVE-2023-44292 | Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | -- | Nov 16, 2023 | n/a |
CVE-2023-44282 | Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | -- | Nov 16, 2023 | n/a |
CVE-2024-22426 | Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise. | -- | Feb 16, 2024 | n/a |
CVE-2024-22425 | Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner. | -- | Feb 16, 2024 | n/a |
CVE-2023-32469 | Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution. | -- | Nov 16, 2023 | n/a |
CVE-2023-28062 | Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions. | -- | Apr 11, 2023 | n/a |
CVE-2023-32478 | Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure. | -- | Jul 21, 2023 | n/a |
CVE-2023-32449 | Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks | -- | Jun 22, 2023 | n/a |
CVE-2022-34444 | Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. | -- | Feb 12, 2023 | n/a |
CVE-2022-45099 | Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise | -- | Feb 1, 2023 | n/a |
CVE-2022-45100 | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. | -- | Feb 1, 2023 | n/a |
CVE-2022-33934 | Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. | -- | Feb 12, 2023 | n/a |
CVE-2022-34445 | Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. | -- | Feb 12, 2023 | n/a |
CVE-2023-32457 | Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges. | -- | Aug 29, 2023 | n/a |
CVE-2023-32493 | Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution. | -- | Aug 16, 2023 | n/a |
CVE-2022-45098 | Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | -- | Feb 1, 2023 | n/a |
CVE-2023-32495 | Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges. | -- | Aug 16, 2023 | n/a |
CVE-2023-32488 | Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. | -- | Aug 16, 2023 | n/a |
CVE-2022-45095 | Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion. | -- | Feb 1, 2023 | n/a |
CVE-2023-32487 | Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure. | -- | Aug 16, 2023 | n/a |
CVE-2023-44288 | Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service. | -- | Dec 5, 2023 | n/a |
CVE-2022-45096 | Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. | -- | Feb 1, 2023 | n/a |
CVE-2023-32494 | Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also. | -- | Aug 16, 2023 | n/a |
CVE-2024-22449 | Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access. | -- | Feb 1, 2024 | n/a |
CVE-2023-25941 | Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. | -- | Apr 4, 2023 | n/a |
CVE-2023-25942 | Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service. | -- | Apr 4, 2023 | n/a |
CVE-2024-22430 | Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service. | -- | Feb 1, 2024 | n/a |
CVE-2023-44295 | Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure. | -- | Dec 5, 2023 | n/a |
CVE-2023-25940 | Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees. | -- | Apr 4, 2023 | n/a |
CVE-2023-32486 | Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges. | -- | Aug 16, 2023 | n/a |
CVE-2023-32491 | Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure. | -- | Aug 16, 2023 | n/a |
CVE-2023-32492 | Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files. | -- | Aug 16, 2023 | n/a |
CVE-2023-25536 | Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover. | -- | Mar 2, 2023 | n/a |
CVE-2023-25540 | Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. | -- | Feb 28, 2023 | n/a |
CVE-2023-22572 | Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. | -- | Feb 1, 2023 | n/a |
CVE-2022-45097 | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | -- | Feb 1, 2023 | n/a |
CVE-2022-45101 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. | -- | Feb 1, 2023 | n/a |
CVE-2023-22574 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service. | -- | Feb 1, 2023 | n/a |
CVE-2023-32490 | Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover. | -- | Aug 16, 2023 | n/a |
CVE-2023-32489 | Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges. | -- | Aug 16, 2023 | n/a |
CVE-2023-43076 | Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition. | -- | Nov 2, 2023 | n/a |
CVE-2023-43087 | Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure. | -- | Nov 2, 2023 | n/a |
CVE-2022-46679 | Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | -- | Feb 1, 2023 | n/a |
CVE-2023-23689 | Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair built-in hardware management functionality and trigger OneFS data protection mechanism causing a denial of service. | -- | Feb 28, 2023 | n/a |
CVE-2023-48668 | Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application\'s underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC. | -- | Dec 14, 2023 | n/a |
CVE-2023-44277 | Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\'s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | -- | Dec 14, 2023 | n/a |
CVE-2023-48667 | Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\'s underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker. | -- | Dec 14, 2023 | n/a |
CVE-2023-44285 | Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege. | -- | Dec 14, 2023 | n/a |
CVE-2023-44284 | Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application\'s backend database causing unauthorized read access to application data. | -- | Dec 14, 2023 | n/a |