cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-48010,https://securityvulnerability.io/vulnerability/CVE-2024-48010,PowerProtect DD Vulnerability Could Lead to Escalation of Privilege,"Dell PowerProtect DD versions prior to 8.1.0.0, along with specific earlier versions, are susceptible to an access control vulnerability. This issue allows remote attackers with high privileges to potentially exploit the vulnerability, leading to unauthorized escalation of privileges within the application. It is crucial for organizations using affected versions to apply recommended security updates promptly to mitigate risks associated with potential exploits.",Dell,Powerprotect Dd,7.2,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-11-08T03:01:01.903Z,0
CVE-2024-45759,https://securityvulnerability.io/vulnerability/CVE-2024-45759,Dell PowerProtect Data Domain Vulnerability: Local Privilege Escalation Risk,"The vulnerability in Dell PowerProtect Data Domain prior to version 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50 allows local low privileged attackers to exploit the system. By executing certain commands, attackers may overwrite system configuration, which can disrupt its functionalities, leading to potential denial of service. This highlights a significant risk to the security and integrity of the affected products.",Dell,Powerprotect Dd,7.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-08T02:48:42.259Z,0
CVE-2024-48011,https://securityvulnerability.io/vulnerability/CVE-2024-48011,Dell PowerProtect DD Vulnerability: Exposure of Sensitive Information to Unauthorized Actor,"The vulnerability in Dell PowerProtect DD versions prior to 7.7.5.50 presents an exposure of sensitive information that could be exploited by a low privileged attacker with remote access. This exposure could potentially lead to unauthorized access to sensitive data, making it imperative for organizations using affected versions to implement necessary security updates and patches. Proper measures must be taken to protect valuable information and maintain the integrity of the security posture.",Dell,Powerprotect Dd,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-11-08T02:30:27.068Z,0
CVE-2024-37141,https://securityvulnerability.io/vulnerability/CVE-2024-37141,Dell PowerProtect DD Vulnerability Could Lead to Information Disclosure,"Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.",Dell,Powerprotect Dd,3.5,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-06-26T04:00:34.863Z,0
CVE-2024-37140,https://securityvulnerability.io/vulnerability/CVE-2024-37140,Dell PowerProtect DD Vulnerability Could Lead to System Takeover,"An OS command injection vulnerability exists in Dell PowerProtect DD versions before 8.0 and certain LTS releases. This flaw can be targeted by remote attackers with low privileges, enabling them to execute arbitrary OS commands on the underlying operating system. Successful exploitation could allow adversaries to gain control over the system, posing a severe risk to data and service integrity. For detailed guidance on mitigation and security updates, consult Dell's official advisory.",Dell,Powerprotect Dd,8.8,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-06-26T03:54:38.461Z,0
CVE-2024-37139,https://securityvulnerability.io/vulnerability/CVE-2024-37139,Dell PowerProtect DD Vulnerability Could Lead to Denial of Service,"Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application.",Dell,Powerprotect Dd,6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-06-26T03:38:45.473Z,0
CVE-2024-37138,https://securityvulnerability.io/vulnerability/CVE-2024-37138,Dell PowerProtect DD Vulnerability Could Lead to Unauthorized File Access,"Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.",Dell,Powerprotect Dd,6.8,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-06-26T03:24:40.504Z,0
CVE-2024-29175,https://securityvulnerability.io/vulnerability/CVE-2024-29175,Dell PowerProtect Data Domain Vulnerability Could Lead to Man-in-the-Middle Attacks,"Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.",Dell,Powerprotect Dd,5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-06-26T03:03:06.155Z,0
CVE-2024-29174,https://securityvulnerability.io/vulnerability/CVE-2024-29174,Dell Data Domain SQL Injection Vulnerability Affects Data Security,"Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.",Dell,Powerprotect Dd,4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-26T02:57:41.758Z,0
CVE-2024-29173,https://securityvulnerability.io/vulnerability/CVE-2024-29173,Dell PowerProtect DD Vulnerable to Server-Side Request Forgery (SSRF) Attacks,"Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.",Dell,Powerprotect Dd,6.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-26T02:51:56.989Z,0
CVE-2024-29177,https://securityvulnerability.io/vulnerability/CVE-2024-29177,Temporary Sensitive Information Vulnerability Affects Dell PowerProtect DD Versions,"Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.",Dell,Powerprotect Dd,2.7,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-06-26T02:46:55.073Z,0
CVE-2024-29176,https://securityvulnerability.io/vulnerability/CVE-2024-29176,Buffer Overflow Vulnerability Affects Dell PowerProtect DD Versions,"The Out-of-bounds Write vulnerability in Dell PowerProtect DD affects multiple versions including 8.0 and several 7.x releases. This weakness allows a low privileged attacker with remote access the potential to exploit the software, possibly leading to unauthorized code execution. It is crucial for users to be aware of this vulnerability and apply the necessary security updates to mitigate associated risks.",Dell,Powerprotect Dd,8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-06-26T02:37:54.785Z,0
CVE-2024-28973,https://securityvulnerability.io/vulnerability/CVE-2024-28973,Dell PowerProtect DD Vulnerable to Stored Cross-Site Scripting Attacks,"Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.",Dell,Powerprotect Dd,5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-26T02:31:10.767Z,0
CVE-2023-44286,https://securityvulnerability.io/vulnerability/CVE-2023-44286,,"Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. Exploitation may lead to information disclosure, session theft, or client-side request forgery.",Dell,"PowerProtect DD",8.8,HIGH,0.0011699999449774623,false,false,false,false,,false,false,2023-12-14T16:15:00.000Z,0
CVE-2023-44284,https://securityvulnerability.io/vulnerability/CVE-2023-44284,,"Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data.",Dell,Powerprotect Dd,4.3,MEDIUM,0.0007099999929778278,false,false,false,false,,false,false,2023-12-14T16:15:00.000Z,0
CVE-2023-44285,https://securityvulnerability.io/vulnerability/CVE-2023-44285,,"Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.",Dell,PowerProtect DD,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-12-14T16:15:00.000Z,0
CVE-2023-48668,https://securityvulnerability.io/vulnerability/CVE-2023-48668,,"Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.",Dell,"PowerProtect DD",8.2,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-12-14T16:15:00.000Z,0
CVE-2023-44278,https://securityvulnerability.io/vulnerability/CVE-2023-44278,,"Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.",Dell,PowerProtect DD,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-12-14T16:15:00.000Z,0
CVE-2023-44279,https://securityvulnerability.io/vulnerability/CVE-2023-44279,,"Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker.",Dell,Powerprotect Dd,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-12-14T16:15:00.000Z,0
CVE-2023-48667,https://securityvulnerability.io/vulnerability/CVE-2023-48667,,"Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.",Dell,PowerProtect DD,7.2,HIGH,0.001180000021122396,false,false,false,false,,false,false,2023-12-14T16:15:00.000Z,0
CVE-2023-44277,https://securityvulnerability.io/vulnerability/CVE-2023-44277,,"Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.",Dell,PowerProtect DD,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-12-14T15:15:00.000Z,0