Vulnerabilities > Dell > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-04 | CVE-2017-14383 | Cross-site Scripting vulnerability in Dell EMC Vnx1 Firmware and EMC Vnx2 Firmware In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. | 6.1 |
| 2017-12-07 | CVE-2017-14386 | Cross-site Scripting vulnerability in Dell 2335Dn Firmware and 2355Dn Firmware The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. | 6.1 |
| 2017-05-04 | CVE-2017-4983 | Unspecified vulnerability in Dell EMC Data Domain OS EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. | 6.7 |
| 2017-04-10 | CVE-2015-7275 | Cross-site Scripting vulnerability in Dell Integrated Remote Access Controller Firmware Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. | 6.1 |
| 2017-02-21 | CVE-2015-4056 | Cryptographic Issues vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4 The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access. | 6.7 |
| 2017-02-03 | CVE-2016-8216 | Permissions, Privileges, and Access Controls vulnerability in Dell EMC Data Domain OS EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 6.7 |
| 2016-08-02 | CVE-2016-6257 | Cryptographic Issues vulnerability in multiple products The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." | 6.5 |
| 2016-04-12 | CVE-2016-0887 | Information Exposure vulnerability in Dell products EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session. | 5.9 |
| 2016-04-12 | CVE-2016-4004 | Path Traversal vulnerability in Dell Openmanage Server Administrator 8.2 Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile. | 4.9 |
| 2016-04-06 | CVE-2016-1346 | Resource Management Errors vulnerability in multiple products The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673. | 5.9 |