Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

CVE-2020-35169: DSA-2020-286: Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition Suite 4.6 Multiple Security Vulnerabilities

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

CVE
Open in Source
#vulnerability#dell
CVE-2022-35414: Re: [PATCH v2] softmmu: Always initialize xlat in address_space_translate_for_iotlb

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.

CVE-2022-33936: DSA-2022-182: Cloud Mobility for Dell EMC Storage Security Update for a Path Traversal/RCE Vulnerability

Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity.

CVE-2022-32481: DSA-2022-163: Dell EMC Cyber Recovery Security Update for Multiple Vulnerabilities

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover.

Google cracks down on sites with ties to hack-for-hire groups in UAE, Russia, India

By Deeba Ahmed Currently, over 30 sites have been marked as malicious by Google’s Safe Browsing feature. Google TAG (Threat Analysis… This is a post from HackRead.com Read the original post: Google cracks down on sites with ties to hack-for-hire groups in UAE, Russia, India

CVE-2022-31229: DSA-2022-118: Dell EMC PowerScale OneFS Security Update

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.

CVE-2022-31230: DSA-2022-118: Dell EMC PowerScale OneFS Security Update

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.

CVE-2022-29097: DSA-2022-143: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities.

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

CVE-2022-26864: DSA-2022-096: Dell Client Security Update for Multiple Vulnerabilities

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.