Vulnerabilities > Dell > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-08 | CVE-2018-1215 | Unrestricted Upload of File with Dangerous Type vulnerability in Dell products An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). | 9.0 |
2017-11-01 | CVE-2017-14375 | Authentication Bypass by Spoofing vulnerability in multiple products EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. | 10.0 |
2017-10-03 | CVE-2017-8021 | Insecure Default Initialization of Resource vulnerability in Dell Elastic Cloud Storage 3.0 EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. | 10.0 |
2017-07-17 | CVE-2017-8011 | Use of Hard-coded Credentials vulnerability in Dell products EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. | 10.0 |
2017-06-29 | CVE-2017-4997 | Improper Input Validation vulnerability in Dell EMC Vasa Provider Virtual Appliance 8.3.0 EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 10.0 |
2017-02-22 | CVE-2016-9684 | Command Injection vulnerability in Dell Sonicwall Secure Remote Access Server 8.1.0.214Sv The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. | 10.0 |
2017-02-22 | CVE-2016-9683 | Command Injection vulnerability in Dell Sonicwall Secure Remote Access Server 8.1.0.214Sv The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. | 10.0 |
2017-02-22 | CVE-2016-9682 | Command Injection vulnerability in Dell Sonicwall Secure Remote Access Server 8.1.0.214Sv The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. | 10.0 |
2016-11-29 | CVE-2016-5685 | Injection vulnerability in Dell Idrac7 Firmware and Idrac8 Firmware Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | 9.0 |
2016-10-05 | CVE-2016-6646 | Improper Input Validation vulnerability in multiple products The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class. | 10.0 |