The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-44286 | Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user\'s DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery. | -- | Dec 14, 2023 | n/a |
| CVE-2023-44278 | Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. | -- | Dec 14, 2023 | n/a |
| CVE-2023-44279 | Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker | -- | Dec 14, 2023 | n/a |
| CVE-2024-22445 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\'s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | -- | Feb 13, 2024 | n/a |
| CVE-2024-22454 | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change | -- | Feb 13, 2024 | n/a |
| CVE-2023-44298 | Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service. | -- | Dec 5, 2023 | n/a |
| CVE-2023-44297 | Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service. | -- | Dec 5, 2023 | n/a |
| CVE-2023-32460 | Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. | -- | Dec 8, 2023 | n/a |
| CVE-2022-34423 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34422 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34421 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34420 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34419 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34418 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34417 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34416 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34415 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34414 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34413 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34412 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34411 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34410 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34409 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34408 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34407 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | -- | Mar 16, 2023 | n/a |
| CVE-2023-32461 | Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. | -- | Sep 15, 2023 | n/a |
| CVE-2023-25537 | Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege. | -- | May 22, 2023 | n/a |
| CVE-2023-32465 | Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker. | -- | Jun 14, 2023 | n/a |
| CVE-2023-25543 | Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system. | -- | Feb 6, 2024 | n/a |
| CVE-2023-32450 | Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | -- | Jul 27, 2023 | n/a |
| CVE-2023-28051 | Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. | -- | Apr 7, 2023 | n/a |
| CVE-2023-44281 | Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service. | -- | Jan 24, 2024 | n/a |
| CVE-2023-39248 | Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. | -- | Dec 5, 2023 | n/a |
| CVE-2023-32462 | Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity. | -- | Feb 15, 2024 | n/a |
| CVE-2023-28078 | Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity. | -- | Feb 15, 2024 | n/a |
| CVE-2023-39253 | Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | -- | Nov 24, 2023 | n/a |
| CVE-2023-39259 | Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | -- | Nov 16, 2023 | n/a |
| CVE-2023-28066 | Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system. | -- | Jun 1, 2023 | n/a |
| CVE-2023-43079 | Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise. | -- | Oct 13, 2023 | n/a |
| CVE-2022-34396 | Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. | -- | Feb 1, 2023 | n/a |
| CVE-2023-32484 | Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity. | -- | Feb 15, 2024 | n/a |
| CVE-2023-28055 | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | -- | Sep 29, 2023 | n/a |
| CVE-2023-24568 | Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates. | -- | May 30, 2023 | n/a |
| CVE-2023-28053 | Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure. | -- | Dec 18, 2023 | n/a |
| CVE-2023-24567 | Dell NetWorker versions 19.5 and earlier contain \'RabbitMQ\' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks. | -- | Mar 1, 2023 | n/a |
| CVE-2023-25544 | Dell NetWorker versions 19.5 and earlier contain \'Apache Tomcat\' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks. | -- | Mar 1, 2023 | n/a |
| CVE-2023-25539 | Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application\'s underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. | -- | May 31, 2023 | n/a |
| CVE-2023-24575 | Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system | -- | Feb 21, 2023 | n/a |
| CVE-2022-34435 | Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. | -- | Jan 26, 2023 | n/a |
