cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-36348,https://securityvulnerability.io/vulnerability/CVE-2021-36348,Input Injection Vulnerability in iDRAC9 by Dell,"iDRAC9 versions prior to 5.00.20.00 are vulnerable to an input injection flaw. This vulnerability could be exploited by a remote authenticated malicious user with limited access privileges, potentially leading to information disclosure or denial of service. By supplying specially crafted input data, the attacker could manipulate the iDRAC9 functionality to perform unauthorized actions.",Dell,Integrated Dell Remote Access Controller (idrac),5.9,MEDIUM,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-01-25T23:15:00.000Z,0
CVE-2021-36347,https://securityvulnerability.io/vulnerability/CVE-2021-36347,Stack-Based Buffer Overflow Vulnerability in iDRAC9 and iDRAC8 by Dell,"Dell's iDRAC9 and iDRAC8 systems are susceptible to a stack-based buffer overflow vulnerability. This flaw allows an authenticated remote attacker with high privileges to exploit the vulnerability, potentially facilitating control over process execution and unauthorized access to the iDRAC operating system. Prompt updates to the latest versions are essential for mitigating this risk.",Dell,Integrated Dell Remote Access Controller (idrac),6.2,MEDIUM,0.0024500000290572643,false,,false,false,false,,,false,false,,2022-01-25T23:15:00.000Z,0
CVE-2021-36346,https://securityvulnerability.io/vulnerability/CVE-2021-36346,Denial of Service Vulnerability in Dell iDRAC 8,"A vulnerability exists in Dell iDRAC 8 that allows an unauthenticated remote attacker to potentially exploit a denial of service condition. This may prevent legitimate users from accessing the iDRAC web server, creating potential downtime and operational disruption. It is crucial for users of affected versions to apply necessary updates to mitigate this security risk.",Dell,Integrated Dell Remote Access Controller (idrac),5.3,MEDIUM,0.0016599999507889152,false,,false,false,false,,,false,false,,2022-01-25T23:15:00.000Z,0
CVE-2021-36299,https://securityvulnerability.io/vulnerability/CVE-2021-36299,SQL Injection Vulnerability in Dell iDRAC9 Remote Management System,"The SQL injection vulnerability in Dell iDRAC9 allows remote authenticated users with limited privileges to exploit the system. By submitting specially crafted input data, an attacker could potentially disclose sensitive information or disrupt services. This issue arises in specific versions of the iDRAC9 system, necessitating immediate attention and remediation.",Dell,Integrated Dell Remote Access Controller (idrac),7.1,HIGH,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-11-23T20:15:00.000Z,0
CVE-2021-36301,https://securityvulnerability.io/vulnerability/CVE-2021-36301,Stack Buffer Overflow Vulnerability in Dell iDRAC 8 and 9 Devices,"Dell iDRAC 8 and iDRAC 9 have a security flaw that allows an authenticated remote attacker to exploit a Stack Buffer Overflow in the Racadm utility. This vulnerability could lead to unauthorized control over process execution, enabling the attacker to access the host operating system. Users with affected devices should update to the latest versions to mitigate potential risks.",Dell,Integrated Dell Remote Access Controller (idrac),5.9,MEDIUM,0.002050000010058284,false,,false,false,false,,,false,false,,2021-11-23T20:15:00.000Z,0
CVE-2021-36300,https://securityvulnerability.io/vulnerability/CVE-2021-36300,Improper Input Validation in iDRAC9 by Dell Technologies,"iDRAC9 versions before 5.00.00.00 are susceptible to an improper input validation vulnerability. This flaw allows unauthenticated remote attackers to exploit the system by sending specially crafted requests. Such exploitation could lead to the crashing of the webserver or, even more critically, the potential for information disclosure.",Dell,Integrated Dell Remote Access Controller (idrac),6.5,MEDIUM,0.004170000087469816,false,,false,false,false,,,false,false,,2021-11-23T20:15:00.000Z,0
CVE-2021-21580,https://securityvulnerability.io/vulnerability/CVE-2021-21580,Content Spoofing in Dell EMC iDRAC Products,"Dell EMC iDRAC8 and iDRAC9 versions prior to specified releases are susceptible to a vulnerability that allows attackers to inject malicious URLs. This results in content spoofing, where a malicious actor can present misleading information to users, potentially leading to phishing attacks. The attacker can manipulate the displayed text, tricking users into trusting false messages that appear legitimate. It is crucial for users of affected iDRAC versions to apply the necessary updates to safeguard against this risk.",Dell,Integrated Dell Remote Access Controller (idrac),4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-08-03T16:15:00.000Z,0
CVE-2021-21576,https://securityvulnerability.io/vulnerability/CVE-2021-21576,DOM-Based Cross-Site Scripting in Dell EMC iDRAC9,"The Dell EMC iDRAC9 contains a DOM-based cross-site scripting vulnerability in versions earlier than 4.40.40.00. By exploiting this vulnerability, an attacker can deceive users into clicking on a specially crafted link, which may result in the execution of malicious HTML or JavaScript in the victim’s web browser. This can lead to unauthorized actions being performed on behalf of the user, compromising the security of the affected systems.",Dell,Integrated Dell Remote Access Controller (idrac),6.1,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2021-08-03T16:15:00.000Z,0
CVE-2021-21577,https://securityvulnerability.io/vulnerability/CVE-2021-21577,DOM-Based Cross-Site Scripting Vulnerability in Dell EMC iDRAC9,"The Dell EMC iDRAC9 versions prior to 4.40.40.00 are susceptible to a DOM-based cross-site scripting vulnerability. This flaw allows remote attackers to potentially execute malicious HTML or JavaScript in the context of the victim's browser. By manipulating victims into clicking on specially crafted links, attackers can exploit this vulnerability to compromise the integrity and confidentiality of the user's session, leading to unauthorized actions or data exposure.",Dell,Integrated Dell Remote Access Controller (idrac),6.1,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2021-08-03T16:15:00.000Z,0
CVE-2021-21578,https://securityvulnerability.io/vulnerability/CVE-2021-21578,Open Redirect Vulnerability in Dell EMC iDRAC9 Products,"Dell EMC iDRAC9 prior to version 4.40.40.00 is susceptible to an open redirect vulnerability that allows remote unauthenticated attackers to manipulate URLs. By crafting deceptive links, attackers can trick users into clicking, leading them to potentially harmful external sites, thus posing a significant threat to the security of affected systems.",Dell,Integrated Dell Remote Access Controller (idrac),6.1,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2021-08-03T16:15:00.000Z,0
CVE-2021-21579,https://securityvulnerability.io/vulnerability/CVE-2021-21579,Open Redirect Vulnerability in Dell EMC iDRAC9,"The vulnerability in Dell EMC iDRAC9 allows remote, unauthenticated attackers to exploit an open redirect issue. By crafting deceptive URLs, attackers can manipulate victims into clicking seemingly benign links that lead to arbitrary web URLs, facilitating redirection to malicious content. System administrators should ensure their iDRAC9 instances are updated to version 4.40.40.00 or later to mitigate this risk.",Dell,Integrated Dell Remote Access Controller (idrac),6.1,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2021-08-03T16:15:00.000Z,0
CVE-2021-21581,https://securityvulnerability.io/vulnerability/CVE-2021-21581,Cross-Site Scripting Vulnerability in Dell EMC iDRAC9,"Dell EMC iDRAC9 prior to version 5.00.00.00 is affected by a cross-site scripting vulnerability. This flaw enables remote attackers to exploit the vulnerability by crafting a malicious link that, when followed by the victim, executes harmful HTML or JavaScript within the victim's browser. This can lead to unauthorized actions in the context of the user's session.",Dell,Integrated Dell Remote Access Controller (idrac),6.5,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2021-08-03T16:15:00.000Z,0
CVE-2021-21538,https://securityvulnerability.io/vulnerability/CVE-2021-21538,Improper Authentication in Dell EMC iDRAC9,"The Dell EMC iDRAC9 has a vulnerability in versions 4.40.00.00 through prior to 4.40.10.00, which allows a remote unauthenticated attacker to exploit the system. This can lead to unauthorized access to the virtual console, posing risks to security and data integrity for affected users. It is essential for organizations using these versions to apply relevant security patches and updates to mitigate this vulnerability.",Dell,Integrated Dell Remote Access Controller (idrac),9.6,CRITICAL,0.006339999847114086,false,,false,false,false,,,false,false,,2021-07-29T16:15:00.000Z,0
CVE-2021-21539,https://securityvulnerability.io/vulnerability/CVE-2021-21539,,Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.,Dell,Integrated Dell Remote Access Controller (idrac),5.9,MEDIUM,0.0014299999456852674,false,,false,false,false,,,false,false,,2021-04-30T21:15:00.000Z,0
CVE-2021-21541,https://securityvulnerability.io/vulnerability/CVE-2021-21541,,Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.,Dell,Integrated Dell Remote Access Controller (idrac),6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2021-04-30T21:15:00.000Z,0
CVE-2021-21542,https://securityvulnerability.io/vulnerability/CVE-2021-21542,,"Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.",Dell,Integrated Dell Remote Access Controller (idrac),4.8,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2021-04-30T21:15:00.000Z,0
CVE-2021-21543,https://securityvulnerability.io/vulnerability/CVE-2021-21543,,"Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.",Dell,Integrated Dell Remote Access Controller (idrac),4.8,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2021-04-30T21:15:00.000Z,0
CVE-2021-21544,https://securityvulnerability.io/vulnerability/CVE-2021-21544,,Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.,Dell,Integrated Dell Remote Access Controller (idrac),2.7,LOW,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-04-30T21:15:00.000Z,0
CVE-2021-21540,https://securityvulnerability.io/vulnerability/CVE-2021-21540,,Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.,Dell,Integrated Dell Remote Access Controller (idrac),5.9,MEDIUM,0.0013699999544769526,false,,false,false,false,,,false,false,,2021-04-30T21:15:00.000Z,0
CVE-2021-21510,https://securityvulnerability.io/vulnerability/CVE-2021-21510,,Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.,Dell,Integrated Dell Remote Access Controller (idrac),6.1,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2021-03-08T22:15:00.000Z,0
CVE-2020-26198,https://securityvulnerability.io/vulnerability/CVE-2020-26198,,Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.,Dell,Integrated Dell Remote Access Controller (idrac),6.1,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2020-12-16T16:15:00.000Z,0
CVE-2020-5366,https://securityvulnerability.io/vulnerability/CVE-2020-5366,,Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.,Dell,Integrated Dell Remote Access Controller (idrac),7.1,HIGH,0.0021800000686198473,false,,false,false,false,,,false,false,,2020-07-09T14:15:00.000Z,0
CVE-2020-5344,https://securityvulnerability.io/vulnerability/CVE-2020-5344,,"Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.",Dell,Integrated Dell Remote Access Controller (idrac),7,HIGH,0.00937000010162592,false,,false,false,false,,,false,false,,2020-03-31T22:15:00.000Z,0
CVE-2019-3764,https://securityvulnerability.io/vulnerability/CVE-2019-3764,,"Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.",Dell,Integrated Dell Remote Access Controller (idrac),5,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2019-11-07T18:15:00.000Z,0
CVE-2015-7275,https://securityvulnerability.io/vulnerability/CVE-2015-7275,,Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.,Dell,Dell Integrated Remote Access Controller (idrac),6.1,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2017-04-10T03:00:00.000Z,0