Vulnerabilities > Dell > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-03 CVE-2016-8216 Permissions, Privileges, and Access Controls vulnerability in Dell EMC Data Domain OS
EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
local
low complexity
dell CWE-264
6.7
2016-08-02 CVE-2016-6257 Cryptographic Issues vulnerability in multiple products
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
6.5
2016-04-12 CVE-2016-0887 Information Exposure vulnerability in Dell products
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
network
high complexity
dell CWE-200
5.9
2016-04-12 CVE-2016-4004 Path Traversal vulnerability in Dell Openmanage Server Administrator 8.2
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
network
low complexity
dell CWE-22
4.9
2016-04-06 CVE-2016-1346 Resource Management Errors vulnerability in multiple products
The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.
network
high complexity
dell netgear samsung zyxel zzinc CWE-399
5.9
2016-02-08 CVE-2016-2268 Cryptographic Issues vulnerability in Dell Secureworks 2.0.6
Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
dell CWE-310
6.8
2015-08-01 CVE-2015-2890 Unspecified vulnerability in Dell Bios
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.
local
low complexity
dell
6.0