Vulnerabilities > Dell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-06 | CVE-2020-5368 | Missing Authorization vulnerability in Dell Vxrail D560 Firmware and Vxrail D560F Firmware Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. | 7.5 |
| 2020-07-06 | CVE-2020-5356 | Files or Directories Accessible to External Parties vulnerability in Dell products Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. | 6.5 |
| 2020-07-06 | CVE-2020-5352 | OS Command Injection vulnerability in Dell EMC Data Protection Advisor 18.1/6.4/6.5 Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. | 8.8 |
| 2020-06-23 | CVE-2020-5367 | Improper Certificate Validation vulnerability in Dell products Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. | 8.1 |
| 2020-06-23 | CVE-2020-5345 | Missing Authorization vulnerability in Dell products Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. | 5.4 |
| 2020-06-17 | CVE-2020-11899 | Out-of-bounds Read vulnerability in multiple products The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | 5.4 |
| 2020-06-15 | CVE-2020-5358 | Incorrect Permission Assignment for Critical Resource vulnerability in Dell Encryption and Endpoint Security Suite Enterprise Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. | 7.8 |
| 2020-06-10 | CVE-2020-5363 | Unspecified vulnerability in Dell products Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. | 6.7 |
| 2020-06-10 | CVE-2020-5362 | Missing Authorization vulnerability in Dell products Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. | 4.4 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |