Vulnerabilities > Dell > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-03 CVE-2019-3754 Cross-site Scripting vulnerability in Dell products
Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page.
network
low complexity
dell CWE-79
6.1
2019-08-20 CVE-2019-3753 Insufficiently Protected Credentials vulnerability in Dell products
Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability.
network
low complexity
dell CWE-522
6.5
2019-08-05 CVE-2019-3717 Unspecified vulnerability in Dell products
Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability.
low complexity
dell
6.8
2019-07-18 CVE-2019-3734 Unspecified vulnerability in Dell products
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration.
network
low complexity
dell
4.3
2019-05-15 CVE-2019-3727 OS Command Injection vulnerability in Dell products
Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI.
local
low complexity
dell CWE-78
6.7
2019-04-25 CVE-2019-3720 Path Traversal vulnerability in Dell EMC Openmanage Server Administrator
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability.
network
low complexity
dell CWE-22
4.9
2018-12-13 CVE-2018-15776 Unspecified vulnerability in Dell Idrac7 Firmware and Idrac8 Firmware
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability.
low complexity
dell
6.8
2018-12-05 CVE-2018-15773 Information Exposure vulnerability in Dell Data Protection | Encryption
Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability.
low complexity
dell CWE-200
4.3
2018-11-30 CVE-2018-15768 Incorrect Permission Assignment for Critical Resource vulnerability in Dell Openmanage Network Manager
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.
network
low complexity
dell CWE-732
6.5
2018-11-26 CVE-2018-11077 OS Command Injection vulnerability in multiple products
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability.
local
low complexity
dell vmware CWE-78
6.7