Vulnerabilities > Dell > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-06-19 | CVE-2009-0695 | Improper Authentication vulnerability in Dell Wyse Device Manager 4.7.0/4.7.1/4.7.2 hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action. | 7.5 |
2012-06-19 | CVE-2009-0693 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dell Wyse Device Manager 4.7.0/4.7.1/4.7.2 Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. | 7.5 |
2012-03-22 | CVE-2012-1844 | Credentials Management vulnerability in multiple products The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors. | 7.5 |
2006-08-25 | CVE-2006-2112 | Permissions, Privileges, and Access Controls vulnerability in multiple products Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. | 7.5 |
2006-07-10 | CVE-2006-3470 | Remote Security vulnerability in Openmanage Cd The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges. | 7.5 |
2004-11-23 | CVE-2004-0079 | NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | 7.5 |
2001-09-12 | CVE-2001-1105 | RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. | 7.5 |