Vulnerabilities > Dell > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-25 CVE-2021-36295 OS Command Injection vulnerability in Dell EMC Unity Operating Environment
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability.
network
low complexity
dell CWE-78
7.2
7.2
2022-01-25 CVE-2021-36296 OS Command Injection vulnerability in Dell EMC Unity Operating Environment
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability.
network
low complexity
dell CWE-78
7.2
7.2
2022-01-25 CVE-2021-36347 Out-of-bounds Write vulnerability in Dell products
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability.
network
low complexity
dell CWE-787
7.2
7.2
2022-01-25 CVE-2021-36348 Injection vulnerability in Dell Integrated Dell Remote Access Controller 9 Firmware
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability.
network
low complexity
dell CWE-74
8.1
8.1
2022-01-24 CVE-2021-43588 Improper Input Validation vulnerability in Dell EMC Data Protection Central
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability.
network
low complexity
dell CWE-20
7.5
7.5
2022-01-21 CVE-2021-36338 Reliance on Cookies without Validation and Integrity Checking vulnerability in Dell products
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability.
low complexity
dell CWE-565
8.0
8.0
2022-01-21 CVE-2021-36339 Unspecified vulnerability in Dell products
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts.
local
low complexity
dell
7.8
7.8
2022-01-21 CVE-2022-22551 Session Fixation vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings.
low complexity
dell CWE-384
8.8
8.8
2021-12-21 CVE-2021-36316 Improper Privilege Management vulnerability in Dell EMC Avamar Server
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI.
network
low complexity
dell CWE-269
7.2
7.2
2021-12-21 CVE-2021-36337 Inadequate Encryption Strength vulnerability in Dell Wyse Management Suite
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.
network
high complexity
dell CWE-326
7.4
7.4