Vulnerabilities > Dell > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2016-10-05 | CVE-2016-6646 | Improper Input Validation vulnerability in multiple products
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.
network | low complexity | dell emc CWE-20 | critical | 10.0

2016-06-19 | CVE-2016-0912 | Permissions, Privileges, and Access Controls vulnerability in Dell EMC Data Domain OS
EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation.
network | low complexity | dell CWE-264 | critical | 9.0

2016-04-15 | CVE-2016-0889 | Improper Input Validation vulnerability in Dell EMC Unisphere
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.
network | low complexity | dell CWE-20 | critical | 10.0

2015-05-29 | CVE-2015-4067 | Numeric Errors vulnerability in Dell NetVault Backup 10.0.5
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.
network | low complexity | dell CWE-189 | critical | 10.0

2014-06-02 | CVE-2014-2959 | OS Command Injection vulnerability in multiple products
logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.
network | low complexity | dell quantum CWE-78 | critical | 9.0

2014-01-20 | CVE-2013-3594 | Improper Input Validation vulnerability in Dell products
The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.
network | low complexity | dell CWE-20 | critical | 10.0

2013-07-10 | CVE-2013-2352 | Credentials Management vulnerability in HP SAN/iQ
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
network | low complexity | hp dell ibm CWE-255 | critical | 9.4

2013-07-08 | CVE-2013-4783 | Improper Authentication vulnerability in Dell iDRAC6 BMC
The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
network | low complexity | dell CWE-287 | critical | 10.0

2013-07-08 | CVE-2013-4785 | Unspecified vulnerability in Dell iDRAC6 Firmware 1.7
The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html.
network | low complexity | dell | critical | 10.0

2011-11-12 | CVE-2011-4047 | Code Injection vulnerability in Dell KACE K2000 Systems Deployment Appliance
The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access.
network | dell CWE-94 | critical | 9.3