Vulnerabilities > Dell > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-09-22 | CVE-2017-8012 | Unspecified vulnerability in Dell products | In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. | network | high | dell | | 7.4 |
| 2017-09-22 | CVE-2017-8007 | Path Traversal vulnerability in Dell products | In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. | network | low | dell | CWE-22 | 8.8 |
| 2017-08-04 | CVE-2017-10949 | Path Traversal vulnerability in Dell Storage Manager 2016 R2.1 | Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. | network | low | dell | CWE-22 | 7.5 |
| 2017-06-14 | CVE-2017-4981 | Improper Certificate Validation vulnerability in Dell Bsafe Cert-C 2.7 | EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. | network | low | dell | CWE-295 | 7.5 |
| 2017-04-10 | CVE-2015-7274 | Permissions, Privileges, and Access Controls vulnerability in Dell Integrated Remote Access Controller Firmware 1.99 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | network | low | dell | CWE-264 | 8.8 |
| 2017-04-10 | CVE-2015-7270 | Path Traversal vulnerability in Dell Integrated Remote Access Controller Firmware 1.99/2.20.20.20 | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. | local | low | dell | CWE-22 | 7.8 |
| 2017-02-21 | CVE-2015-4057 | Information Exposure vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4 | The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. | network | low | dell | CWE-200 | 7.5 |
| 2017-02-03 | CVE-2016-8212 | Improper Resource Shutdown or Release vulnerability in Dell Bsafe Crypto-J | An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. | network | low | dell | CWE-404 | 7.5 |
| 2017-02-03 | CVE-2016-8211 | Path Traversal vulnerability in Dell EMC Data Protection Advisor | EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. | network | low | dell | CWE-22 | 7.5 |
| 2016-11-29 | CVE-2016-5685 | Injection vulnerability in Dell Idrac7 Firmware and Idrac8 Firmware | Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | network | low | dell | CWE-74 | 8.8 |