High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-06	CVE-2020-5372	Incorrect Authorization vulnerability in Dell products Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. network low complexity dell CWE-863	7.5
2020-07-06	CVE-2020-5371	Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Isilon Onefs and EMC Powerscale Onefs Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. network low complexity dell CWE-732	8.8
2020-07-06	CVE-2020-5368	Missing Authorization vulnerability in Dell Vxrail D560 Firmware and Vxrail D560F Firmware Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. network low complexity dell CWE-862	7.5
2020-07-06	CVE-2020-5352	OS Command Injection vulnerability in Dell EMC Data Protection Advisor 18.1/6.4/6.5 Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. network low complexity dell CWE-78	8.8
2020-06-23	CVE-2020-5367	Improper Certificate Validation vulnerability in Dell products Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. network high complexity dell CWE-295	8.1
2020-06-15	CVE-2020-5358	Incorrect Permission Assignment for Critical Resource vulnerability in Dell Encryption and Endpoint Security Suite Enterprise Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. local low complexity dell CWE-732	7.8
2020-06-08	CVE-2020-12695	Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. network high complexity ui w1-fi asus broadcom canon cisco dlink dell epson hp huawei nec netgear ruckussecurity tp-link zte zyxel microsoft fedoraproject debian canonical CWE-276	7.5
2020-05-20	CVE-2020-5365	Use of Insufficiently Random Values vulnerability in Dell EMC Isilon Onefs Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. network low complexity dell CWE-330	7.5
2020-05-20	CVE-2020-5364	Information Exposure vulnerability in Dell EMC Isilon Onefs Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. network low complexity dell CWE-200	7.5
2020-05-04	CVE-2020-5343	Incorrect Authorization vulnerability in Dell OS Recovery Image for Microsoft Windows 10 Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. local low complexity dell CWE-863	7.8