Filtered by vendor Dell
Subscriptions
Total
1482 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23861 | 1 Dell | 1 Unisphere For Powermax | 2026-02-18 | 5.4 Medium |
| Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2025-36597 | 2 Dell, Emc | 3 Avamar Server, Powerprotect Dp Series Appliance (idpa), Avamar Virtual Edition | 2026-02-18 | 4.7 Medium |
| Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2025-36598 | 1 Dell | 2 Avamar Virtual Edition, Powerprotect Dp Series Appliance (idpa) | 2026-02-18 | 6.5 Medium |
| Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious files. | ||||
| CVE-2026-26357 | 1 Dell | 2 Unisphere For Powermax, Unisphere For Powermax Virtual Appliance | 2026-02-18 | 5.4 Medium |
| Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2026-22276 | 1 Dell | 3 Ecs Streamer, Elastic Cloud Storage, Objectscale | 2026-02-18 | 5.5 Medium |
| Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2026-22275 | 1 Dell | 3 Ecs Streamer, Elastic Cloud Storage, Objectscale | 2026-02-18 | 4.4 Medium |
| Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2026-22274 | 1 Dell | 3 Ecs Streamer, Elastic Cloud Storage, Objectscale | 2026-02-18 | 6.5 Medium |
| Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker with remote access could potentially exploit this vulnerability to intercept and modify information in transit. | ||||
| CVE-2025-46684 | 1 Dell | 1 Supportassist Os Recovery | 2026-02-13 | 6.6 Medium |
| Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering. | ||||
| CVE-2026-22764 | 1 Dell | 1 Openmanage Network Integration | 2026-02-13 | 4.3 Medium |
| Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2025-21104 | 1 Dell | 2 Networker, Networker Management Console | 2026-02-13 | 4.3 Medium |
| Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. | ||||
| CVE-2026-21417 | 1 Dell | 1 Cloudboost Virtual Appliance | 2026-02-06 | 7 High |
| Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2025-46676 | 1 Dell | 3 Data Domain Operating System, Powerprotect Data Domain, Powerprotect Dd | 2026-02-05 | 2.7 Low |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2025-46643 | 1 Dell | 1 Data Domain Operating System | 2026-02-05 | 2.3 Low |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain a Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. | ||||
| CVE-2025-46699 | 1 Dell | 1 Data Protection Advisor | 2026-01-28 | 4.3 Medium |
| Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2026-22279 | 1 Dell | 1 Powerscale Onefs | 2026-01-28 | 4.3 Medium |
| Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering. | ||||
| CVE-2026-22280 | 1 Dell | 1 Powerscale Onefs | 2026-01-28 | 5 Medium |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains an incorrect permission assignment for critical resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2026-22281 | 1 Dell | 1 Powerscale Onefs | 2026-01-28 | 3.5 Low |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2025-36589 | 1 Dell | 2 Unisphere For Powermax, Unisphere For Powermax Virtual Appliance | 2026-01-22 | 7.6 High |
| Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control. | ||||
| CVE-2024-37143 | 1 Dell | 5 Data Lakehouse, Insightiq, Powerflex Appliance Intelligent Catalog and 2 more | 2026-01-22 | 10 Critical |
| Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2024-37144 | 1 Dell | 5 Data Lakehouse, Insightiq, Powerflex Appliance Intelligent Catalog and 2 more | 2026-01-22 | 8.2 High |
| Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster. | ||||