Vulnerabilities > Dell > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-28 CVE-2018-1251 Open Redirect vulnerability in Dell EMC Unity Firmware and EMC Unityvsa
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability.
network
low complexity
dell CWE-601
8.1
2018-09-11 CVE-2018-11078 Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Vplex Geosynchrony 5.4/5.5/6.0
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability.
network
high complexity
dell CWE-732
7.5
2018-08-31 CVE-2018-11054 Integer Overflow or Wraparound vulnerability in multiple products
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability.
network
low complexity
dell oracle CWE-190
7.5
2018-08-23 CVE-2018-15748 Weak Password Requirements vulnerability in Dell products
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage.
network
low complexity
dell CWE-521
8.8
2018-08-10 CVE-2018-11063 Unquoted Search Path or Element vulnerability in Dell Wyse Management Suite 1.0/1.1
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities.
local
low complexity
dell CWE-428
7.8
2018-08-10 CVE-2018-11048 XXE vulnerability in Dell products
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API.
network
low complexity
dell CWE-611
8.1
2018-08-01 CVE-2018-11050 Insufficiently Protected Credentials vulnerability in Dell EMC Networker
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component.
low complexity
dell CWE-522
8.8
2018-07-02 CVE-2018-1244 Command Injection vulnerability in Dell Idrac7 Firmware, Idrac8 Firmware and Idrac9 Firmware
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent.
network
low complexity
dell CWE-77
8.8
2018-07-02 CVE-2018-1243 Improperly Implemented Security Check for Standard vulnerability in Dell products
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability.
network
low complexity
dell CWE-358
7.5
2018-07-02 CVE-2018-1212 Command Injection vulnerability in Dell Idrac6 Modular and Idrac6 Monolithic
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability.
network
low complexity
dell CWE-77
8.8