Filtered by vendor Dell
Subscribe
Total
1261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24904 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 7.6 HIGH |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2024-24906 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 7.6 HIGH |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2024-24900 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 5.8 MEDIUM |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system. | |||||
| CVE-2024-24905 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 7.6 HIGH |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2024-24907 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 7.6 HIGH |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2025-23382 | 1 Dell | 1 Secure Connect Gateway | 2025-05-20 | N/A | 5.5 MEDIUM |
| Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.c | |||||
| CVE-2024-29169 | 1 Dell | 1 Secure Connect Gateway | 2025-05-20 | N/A | 5.4 MEDIUM |
| Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. | |||||
| CVE-2025-26475 | 1 Dell | 1 Secure Connect Gateway | 2025-05-20 | N/A | 5.5 MEDIUM |
| Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active. | |||||
| CVE-2025-30101 | 1 Dell | 1 Powerscale Onefs | 2025-05-16 | N/A | 4.4 MEDIUM |
| Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service and information tampering. | |||||
| CVE-2025-30102 | 1 Dell | 1 Powerscale Onefs | 2025-05-16 | N/A | 5.5 MEDIUM |
| Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2025-23379 | 1 Dell | 1 Storage Manager | 2025-05-13 | N/A | 3.5 LOW |
| Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | |||||
| CVE-2025-22479 | 1 Dell | 1 Storage Manager | 2025-05-13 | N/A | 3.5 LOW |
| Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | |||||
| CVE-2025-22478 | 1 Dell | 1 Storage Manager | 2025-05-13 | N/A | 8.1 HIGH |
| Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering. | |||||
| CVE-2025-22477 | 1 Dell | 1 Storage Manager | 2025-05-13 | N/A | 8.3 HIGH |
| Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-23375 | 1 Dell | 1 Powerprotect Data Manager | 2025-05-13 | N/A | 7.8 HIGH |
| Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-23376 | 1 Dell | 1 Powerprotect Data Manager | 2025-05-13 | N/A | 2.3 LOW |
| Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2025-23377 | 1 Dell | 1 Powerprotect Data Manager | 2025-05-13 | N/A | 4.2 MEDIUM |
| Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs. | |||||
| CVE-2024-49561 | 1 Dell | 1 Smartfabric Os10 | 2025-05-08 | N/A | 7.8 HIGH |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2022-34438 | 1 Dell | 1 Emc Powerscale Onefs | 2025-05-07 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. | |||||
| CVE-2024-0166 | 1 Dell | 1 Unity Operating Environment | 2025-05-06 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges. | |||||