Vulnerabilities > Dell > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-20 CVE-2019-3735 Improper Privilege Management vulnerability in Dell products
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability.
local
low complexity
dell CWE-269
7.8
2019-06-19 CVE-2019-3737 Path Traversal vulnerability in Dell Avamar Data Migration Enabler Web Interface 1.0.50/1.0.51
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
network
low complexity
dell CWE-22
7.5
2019-06-06 CVE-2019-3722 XXE vulnerability in Dell EMC OpenManage Server Administrator
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability.
network
low complexity
dell CWE-611
7.5
2019-04-25 CVE-2019-3721 Allocation of Resources Without Limits or Throttling vulnerability in Dell EMC OpenManage Server Administrator
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability.
network
low complexity
dell CWE-770
7.5
2019-04-18 CVE-2019-3719 Unspecified vulnerability in Dell SupportAssist
Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability.
low complexity
dell
8.0
2019-04-18 CVE-2019-3718 Cross-Site Request Forgery (CSRF) vulnerability in Dell SupportAssist
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability.
network
low complexity
dell CWE-352
8.8
2019-03-28 CVE-2019-3710 Use of Hard-coded Credentials vulnerability in Dell EMC Networking OS10
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs.
network
high complexity
dell CWE-798
8.1
2019-03-07 CVE-2019-3712 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell products
Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability.
low complexity
dell CWE-119
8.8
2019-02-13 CVE-2018-15781 Use of Hard-coded Credentials vulnerability in Dell Wyse ThinLinux 2.0
The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contains a Hard-coded Cryptographic Key vulnerability.
low complexity
dell CWE-798
8.0
2019-02-07 CVE-2019-3704 OS Command Injection vulnerability in Dell EMC VNX2 Firmware
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains an OS command injection vulnerability.
local
low complexity
dell CWE-78
7.8