Vulnerabilities > Dell > EMC Idrac9 Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-36299 SQL Injection vulnerability in Dell EMC Idrac9 Firmware 4.40.10.00/4.40.20.00/5.00.00.00
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability.
network
low complexity
dell CWE-89
5.5
5.5
2021-11-23 CVE-2021-36300 SQL Injection vulnerability in Dell EMC Idrac9 Firmware
iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability.
network
low complexity
dell CWE-89
6.4
6.4
2021-11-23 CVE-2021-36301 Out-of-bounds Write vulnerability in Dell EMC Idrac8 Firmware and EMC Idrac9 Firmware
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm.
network
low complexity
dell CWE-787
6.5
6.5
2021-08-03 CVE-2021-21576 Cross-site Scripting vulnerability in Dell EMC Idrac9 Firmware
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability.
network
dell CWE-79
4.3
4.3
2021-08-03 CVE-2021-21577 Cross-site Scripting vulnerability in Dell EMC Idrac9 Firmware
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability.
network
dell CWE-79
4.3
4.3
2021-08-03 CVE-2021-21578 Open Redirect vulnerability in Dell EMC Idrac9 Firmware
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability.
network
dell CWE-601
5.8
5.8
2021-08-03 CVE-2021-21579 Open Redirect vulnerability in Dell EMC Idrac9 Firmware
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability.
network
dell CWE-601
5.8
5.8
2021-08-03 CVE-2021-21580 Injection vulnerability in Dell EMC Idrac8 Firmware and EMC Idrac9 Firmware
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.
network
dell CWE-74
4.3
4.3
2021-08-03 CVE-2021-21581 Cross-site Scripting vulnerability in Dell EMC Idrac9 Firmware
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability.
network
dell CWE-79
4.3
4.3