Vulnerabilities > Dell
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-03 | CVE-2016-8211 | Path Traversal vulnerability in Dell EMC Data Protection Advisor: EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. | 7.5 |
2016-11-29 | CVE-2016-5685 | Injection vulnerability in Dell Idrac7 Firmware and Idrac8 Firmware: Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | 8.8 |
2016-10-05 | CVE-2016-6646 | Improper Input Validation vulnerability in multiple products: The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class. | 9.8 |
2016-10-05 | CVE-2016-6645 | Improper Input Validation vulnerability in multiple products: The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. | 8.8 |
2016-09-18 | CVE-2016-0923 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Bsafe: The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used. | 7.5 |
2016-08-02 | CVE-2016-6257 | Cryptographic Issues vulnerability in multiple products: The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." | 6.5 |
2016-06-19 | CVE-2016-0912 | Permissions, Privileges, and Access Controls vulnerability in Dell EMC Data Domain OS: EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation. | 9.8 |
2016-06-19 | CVE-2016-0911 | Permissions, Privileges, and Access Controls vulnerability in Dell EMC Data Domain OS: EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges. | 8.2 |
2016-04-15 | CVE-2016-0889 | Improper Input Validation vulnerability in Dell EMC Unisphere: An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname. | 9.8 |
2016-04-12 | CVE-2016-0887 | Information Exposure vulnerability in Dell products: EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session. | 5.9 |