Vulnerabilities > Dell > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2019-02-04 | CVE-2018-15778 | Improper Input Validation vulnerability in Dell Networking OS10 10.3.2R2/10.4.0R3S/10.4.1.4 | Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). | local, low complexity, dell, CWE-20, 7.8 |
| 2019-01-18 | CVE-2018-15784 | Improper Certificate Validation vulnerability in Dell Networking OS10 | Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. | network, high complexity, dell, CWE-295, 7.4 |
| 2018-12-13 | CVE-2018-15774 | Incorrect Authorization vulnerability in Dell iDRAC7 Firmware, iDRAC8 Firmware and iDRAC9 Firmware | Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. | network, low complexity, dell, CWE-863, 8.8 |
| 2018-11-30 | CVE-2018-15767 | Incorrect Authorization vulnerability in Dell OpenManage Network Manager 6.5.0/6.5.2 | The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. | network, low complexity, dell, CWE-863, 8.8 |
| 2018-11-16 | CVE-2018-15769 | | RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. | network, low complexity, dell oracle, 7.5 |
| 2018-11-13 | CVE-2018-15772 | Resource Exhaustion vulnerability in Dell products | Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. | local, low complexity, dell, CWE-400, 7.1 |
| 2018-11-02 | CVE-2018-11062 | Use of Hard-coded Credentials vulnerability in Dell EMC Integrated Data Protection Appliance 2.0/2.1/2.2 | Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. | network, low complexity, dell, CWE-798, 8.8 |
| 2018-10-11 | CVE-2018-15766 | Weak Password Requirements vulnerability in Dell Encryption and Endpoint Security Suite Enterprise | On install, Dell Encryption versions prior to 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior to 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. | network, low complexity, dell, CWE-521, 7.5 |
| 2018-10-05 | CVE-2018-11064 | Incorrect Permission Assignment for Critical Resource vulnerability in Dell products | Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contain an Incorrect File Permissions vulnerability. | local, low complexity, dell, CWE-732, 7.8 |
| 2018-10-02 | CVE-2018-11072 | Uncontrolled Search Path Element vulnerability in Dell Digital Delivery | Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. | local, low complexity, dell, CWE-427, 7.8 |