Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

CVE-2022-29085: DSA-2022-021: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

CVE
Open in Source
#sql#vulnerability#apache#js#intel#auth#dell#docker#ssl
CVE-2022-29098: DSA-2022-082: Dell EMC PowerScale OneFS Security Weak Password Requirement Vulnerability

Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.

CVE-2020-26185

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.

CVE-2022-24422: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

CVE-2022-29082: DSA-2022-103: Dell EMC NetWorker Security Update for Multiple Vulnerabilities

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.

CVE-2022-29091: DSA-2022-138: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for a Cross-Site Scripting Vulnerability

Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVE-2022-24417: DSA-2022-095: Dell Client Platform Security Update for SMM Vulnerabilities

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CVE-2022-26865: DSA-2022-102: Dell Client SupportAssist OS Recovery Security Update for an Authentication Bypass Vulnerability

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

CVE-2022-24414: DSA-2022-064: Dell EMC CloudLink Security Update for Security Vulnerabilities

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.

CVE-2022-26857: DSA-2022-077: Dell OpenManage Enterprise Security Update for an Authorization Bypass Vulnerability

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.