Vulnerabilities > Dell > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-04 | CVE-2017-10949 | Path Traversal vulnerability in Dell Storage Manager 2016 R2.1 Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. | 7.5 |
| 2017-06-14 | CVE-2017-4981 | Improper Certificate Validation vulnerability in Dell Bsafe Cert-C 2.7 EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. | 7.5 |
| 2017-04-10 | CVE-2015-7274 | Permissions, Privileges, and Access Controls vulnerability in Dell Integrated Remote Access Controller Firmware 1.99 Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | 8.8 |
| 2017-04-10 | CVE-2015-7270 | Path Traversal vulnerability in Dell Integrated Remote Access Controller Firmware 1.99/2.20.20.20 Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. | 7.8 |
| 2017-02-21 | CVE-2015-4057 | Information Exposure vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4 The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. | 7.5 |
| 2017-02-03 | CVE-2016-8212 | Improper Resource Shutdown or Release vulnerability in Dell Bsafe Crypto-J An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. | 7.5 |
| 2017-02-03 | CVE-2016-8211 | Path Traversal vulnerability in Dell EMC Data Protection Advisor EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. | 7.5 |
| 2016-11-29 | CVE-2016-5685 | Injection vulnerability in Dell Idrac7 Firmware and Idrac8 Firmware Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | 8.8 |
| 2016-10-05 | CVE-2016-6645 | Improper Input Validation vulnerability in multiple products The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. | 8.8 |
| 2016-09-18 | CVE-2016-0923 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Bsafe The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used. | 7.5 |