cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-53295,https://securityvulnerability.io/vulnerability/CVE-2024-53295,Improper Access Control in Dell PowerProtect DD Products,"An improper access control vulnerability exists in Dell PowerProtect DD that could be exploited by a local attacker with limited privileges. By leveraging this flaw, the attacker may gain the ability to escalate their privileges, potentially allowing unauthorized access to sensitive functions within the affected systems. This vulnerability is present in several versions of the product, highlighting the importance of keeping systems updated and implementing strict access controls.",Dell,Powerprotect Dd,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-01T04:12:10.402Z,0
CVE-2024-51534,https://securityvulnerability.io/vulnerability/CVE-2024-51534,Path Traversal Vulnerability in Dell PowerProtect DD Software,"A path traversal vulnerability exists in Dell PowerProtect DD prior to specified versions, allowing a local user with low privileges to exploit the system. Successfully exploiting this vulnerability can lead to unauthorized overwriting of operating system files on the server's filesystem. This compromise may result in denial of service, affecting the overall performance and availability of the system. Users are advised to update their software to the latest versions to mitigate potential risks.",Dell,Powerprotect Dd,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-01T04:02:24.954Z,0
CVE-2025-21107,https://securityvulnerability.io/vulnerability/CVE-2025-21107,Unquoted Search Path Vulnerability in Dell NetWorker,"Dell NetWorker versions prior to 19.11.0.3, including all versions of 19.10 and earlier, are susceptible to an Unquoted Search Path vulnerability. This flaw allows local attackers with low privileges to exploit the system, potentially leading to unauthorized code execution. Organizations using affected versions should implement recommended updates to mitigate associated risks. For further details, refer to Dell's official security advisory.",Dell,Networker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T09:15:51.866Z,0
CVE-2025-23374,https://securityvulnerability.io/vulnerability/CVE-2025-23374,Information Exposure Vulnerability in Dell Networking Switches Running Enterprise SONiC OS,Dell Networking Switches running earlier versions of Enterprise SONiC OS are affected by a vulnerability that allows privileged attackers to exploit remote access and potentially gain sensitive information logged by the system. This issue highlights the importance of timely updates and robust security measures to protect network infrastructure.,Dell,Enterprise Sonic Os,8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T04:14:04.226Z,0
CVE-2025-22394,https://securityvulnerability.io/vulnerability/CVE-2025-22394,Race Condition Vulnerability in Dell Display Manager Affecting Local Users,"Dell Display Manager, in versions prior to 2.3.2.18, is susceptible to a Time-of-check Time-of-use (TOCTOU) race condition. This flaw enables a low-privileged user with local access to exploit the system by potentially executing arbitrary code, which in turn may lead to privilege escalation. It is crucial for users of affected versions to apply security updates to mitigate these risks.",Dell,Dell Display Manager,7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T04:41:21.868Z,0
CVE-2025-22395,https://securityvulnerability.io/vulnerability/CVE-2025-22395,Local Privilege Escalation in Dell Update Package Framework,"The Dell Update Package Framework, prior to version 22.01.02, contains a vulnerability that allows low-privileged local attackers to exploit the system. This exploitation could lead to the execution of arbitrary remote scripts, potentially resulting in service disruptions. It highlights the importance of keeping software updated to prevent unauthorized access and mitigate the risk of attack.",Dell,Dell Update Package (dup) Framework,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-07T02:52:54.624Z,0
CVE-2024-53291,https://securityvulnerability.io/vulnerability/CVE-2024-53291,Sensitive Information Exposure in Dell NativeEdge,"Dell NativeEdge version 2.1.0.0 has been identified with a vulnerability that enables the exposure of sensitive information through its metadata. An unauthenticated remote attacker could exploit this flaw to access confidential data, highlighting a significant concern for users relying on this software. It is essential for organizations to promptly apply recommended security updates and take necessary precautions to safeguard their information.",Dell,Nativeedge,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-12-25T15:02:42.544Z,0
CVE-2024-47978,https://securityvulnerability.io/vulnerability/CVE-2024-47978,Execution with Unnecessary Privileges in Dell NativeEdge,"Dell NativeEdge version 2.1.0.0 has a vulnerability that permits local attackers with low privileges to potentially exploit the system. This flaw can lead to elevated privileges, giving unauthorized users increased access to sensitive operations within the system. It is crucial for users and administrators of Dell NativeEdge to stay informed about this vulnerability and take immediate actions as recommended by Dell's security advisory to safeguard their environments.",Dell,Nativeedge,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-25T14:57:00.389Z,0
CVE-2024-52535,https://securityvulnerability.io/vulnerability/CVE-2024-52535,Privilege Escalation Vulnerability in Dell SupportAssist Software,"Dell SupportAssist for Home PCs and Business PCs contains a vulnerability related to symbolic link attacks in the software's remediation component. This issue allows low-privileged, authenticated users to exploit the vulnerability, potentially escalating their privileges. Such exploitation may result in unauthorized deletion of files and folders from affected systems, posing significant risks to data integrity. Users are urged to update to the latest versions to mitigate potential threats and enhance security.",Dell,"Supportassist For Home Pcs,Supportassist For Business Pcs",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-12-25T14:41:36.996Z,0
CVE-2024-51532,https://securityvulnerability.io/vulnerability/CVE-2024-51532,Argument Injection Vulnerability in Dell PowerStore Affects Data Integrity,"CVE-2024-51532 is a vulnerability identified in the Dell PowerStore that stems from improper neutralization of argument delimiters in command processing, also known as Argument Injection. This issue allows a low privileged attacker with local access to exploit the vulnerability, potentially leading to unauthorized modification of arbitrary system files. Such an attack could compromise the integrity and availability of the affected PowerStore systems, making it critical for users to understand the implications and apply necessary security updates as stated in Dell's advisory.",Dell,Powerstore,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T01:40:17.525Z,0
CVE-2024-47480,https://securityvulnerability.io/vulnerability/CVE-2024-47480,Improper Link Resolution Issue in Dell Inventory Collector Client,"The vulnerability identified as CVE-2024-47480 affects Dell Inventory Collector Client versions prior to 12.7.0 and stems from an Improper Link Resolution Before File Access. This security flaw can be exploited by low-privilege attackers who have local access to the system. If successfully exploited, it may lead to Elevation of Privileges, granting unauthorized access to the file system, thereby compromising the integrity and confidentiality of sensitive data. To mitigate this vulnerability, it is crucial for users to update their Dell Inventory Collector Client to version 12.7.0 or later, as outlined in Dell's advisory.",Dell,Inventory Collector,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-18T03:15:00.000Z,0
CVE-2024-28980,https://securityvulnerability.io/vulnerability/CVE-2024-28980,Cryptographic Algorithm Vulnerability in Dell RecoverPoint for VMs,"Dell RecoverPoint for VMs versions 6.0.x are susceptible to a vulnerability involving the use of a broken cryptographic algorithm within SSH. This flaw may allow unauthenticated attackers with remote access the potential to exploit the system, leading to remote code execution. System administrators are urged to consult Dell's security advisory and implement necessary updates to mitigate associated risks.",Dell,Recoverpoint For Virtual Machines,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-13T14:20:15.834Z,0
CVE-2024-38488,https://securityvulnerability.io/vulnerability/CVE-2024-38488,Improper Authentication Vulnerability in Dell RecoverPoint for Virtual Machines,"Dell RecoverPoint for Virtual Machines 6.0.x contains an improper restriction of excessive authentication vulnerability. This flaw allows a network attacker to potentially exploit the RecoverPoint login form through automated brute force or dictionary attacks on valid user passwords, which could lead to a complete system compromise. It is critical for users to apply necessary updates and security measures to protect against such vulnerabilities.",Dell,Recoverpoint For Virtual Machines,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-13T14:06:25.845Z,0
CVE-2024-48007,https://securityvulnerability.io/vulnerability/CVE-2024-48007,Hard-Coded Credentials Vulnerability in Dell RecoverPoint for Virtual Machines,"Dell RecoverPoint for Virtual Machines 6.0.x is vulnerable to unauthorized access due to hard-coded credentials. This flaw allows a remote attacker, who has access to the source code, to retrieve sensitive secrets easily. Once exploited, this can lead to unauthorized access to the system and sensitive data, raising significant security concerns for the affected users.",Dell,Recoverpoint For Virtual Machines,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-13T14:00:56.270Z,0
CVE-2024-22461,https://securityvulnerability.io/vulnerability/CVE-2024-22461,Dell RecoverPoint for Virtual Machines Vulnerability - root access risk,"An OS command injection vulnerability has been identified in Dell RecoverPoint for Virtual Machines 6.0.x, which allows low-privileged remote attackers to execute arbitrary commands on the system. This flaw could be exploited to gain root-level access, leading to a total compromise of the system. The exploitation of this vulnerability presents significant risks, emphasizing the need for timely patches and security measures to protect critical infrastructure.",Dell,Recoverpoint For Virtual Machines,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-13T13:25:25.661Z,0
CVE-2024-53289,https://securityvulnerability.io/vulnerability/CVE-2024-53289,Dell ThinOS Race Condition Vulnerability Could Lead to Elevated Privileges,"A race condition vulnerability exists in Dell ThinOS version 2408, where a low privileged local attacker could exploit a Time-of-Check Time-of-Use (TOCTOU) flaw. This weakness may enable the attacker to escalate privileges, allowing them to perform unauthorized actions within the system. Proper mitigation strategies are essential to prevent such exploits and protect system integrity.",Dell,Thinos,7,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-11T08:15:00.000Z,0
CVE-2024-53290,https://securityvulnerability.io/vulnerability/CVE-2024-53290,Dell ThinOS Command Injection Vulnerability Leads to Unauthorized Command Execution,"A vulnerability exists in Dell ThinOS version 2408 that allows an unauthenticated attacker with local access to execute arbitrary commands through improper neutralization of special command elements, potentially compromising system integrity and security.",Dell,Thinos,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-11T08:15:00.000Z,0
CVE-2024-47977,https://securityvulnerability.io/vulnerability/CVE-2024-47977,Avamar SQL Injection Vulnerability Could Lead to Command Execution,"Dell Avamar versions 19.x are susceptible to an SQL injection vulnerability that allows low privileged attackers with remote access to exploit the system. This weakness arises from improper neutralization of special elements utilized in SQL commands. Successful exploitation could facilitate command execution, potentially compromising the integrity and security of the data managed by Avamar. Users are advised to apply available security updates to mitigate the risk associated with this vulnerability.",Dell,Avamar,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T10:26:54.861Z,0
CVE-2024-47484,https://securityvulnerability.io/vulnerability/CVE-2024-47484,Dell Avamar SQL Injection Vulnerability,"The vulnerability in Dell Avamar's 19.x versions involves improper neutralization of input elements used in SQL commands, commonly referred to as SQL injection. An attacker lacking authentication can exploit this vulnerability remotely, potentially enabling them to execute arbitrary commands on the affected system. This issue necessitates immediate attention to safeguard against unauthorized access and command execution risks.",Dell,Avamar,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T10:21:56.484Z,0
CVE-2024-52538,https://securityvulnerability.io/vulnerability/CVE-2024-52538,Dell Avamar SQL Injection Vulnerability Affects Server Data Security,"The vulnerability in Dell Avamar versions 19.x involves an improper neutralization of special elements utilized in SQL commands, leading to potential SQL injection attacks. An attacker with low privileges and remote access may exploit this vulnerability, enabling unauthorized script injection and further manipulation of the application. Organizations using affected versions of Dell Avamar should apply relevant security updates promptly to mitigate potential risks associated with this vulnerability.",Dell,Avamar,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T10:16:04.791Z,0
CVE-2024-37143,https://securityvulnerability.io/vulnerability/CVE-2024-37143,Dell PowerFlex Appliance Vulnerable to Improper Link Resolution Before File Access,"The identified vulnerability involves improper link resolution prior to file access in various Dell products, including Dell PowerFlex, InsightIQ, and Data Lakehouse. This flaw allows an unauthenticated attacker with remote access to potentially exploit the system, enabling them to execute arbitrary code. Affected versions of the products include several iterations of the PowerFlex appliance and rack, PowerFlex Manager, InsightIQ and Data Lakehouse, highlighting the significance of timely updates to mitigate potential risks associated with this vulnerability.",Dell,"Dell Powerflex Appliance,Dell Powerflex Rack,Dell Powerflex Custom Node,Dell Insightiq,Dell Data Lakehouse",10,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T02:25:33.225Z,0
CVE-2024-37144,https://securityvulnerability.io/vulnerability/CVE-2024-37144,Dell PowerFlex Appliance and Rack Versions vulnerable to Information Disclosure,"The vulnerability in Dell PowerFlex appliances, including certain rack versions and related software products, arises from insecure storage of sensitive information. A privileged attacker with local access could exploit this weakness, potentially leading to unauthorized information disclosure. This exposure might enable the attacker to gain access to critical components within the cluster, which raises serious security concerns. Organizations utilizing affected versions are advised to upgrade to the latest releases to mitigate risks associated with this vulnerability.",Dell,"Dell Powerflex Appliance,Dell Powerflex Rack,Dell Powerflex Custom Node,Dell Insightiq,Dell Data Lakehouse",8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T02:11:13.298Z,0
CVE-2024-45761,https://securityvulnerability.io/vulnerability/CVE-2024-45761,Improper Input Validation in Dell OpenManage Server Administrator,"Dell OpenManage Server Administrator versions 11.0.1.0 and earlier exhibit a vulnerability related to improper input validation. This allows a remote, low-privileged attacker to exploit the flaw by loading malicious web plugins or Java classes, potentially compromising the integrity of applications or the operating system. Exploitation may also lead to a Denial of Service condition, affecting the availability of the server management functionalities.",Dell,OpenManage Server Administrator,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T17:15:00.000Z,0
CVE-2024-45760,https://securityvulnerability.io/vulnerability/CVE-2024-45760,Improper Access Control in Dell OpenManage Server Administrator,"Dell OpenManage Server Administrator versions prior to 11.0.1.0 exhibit an improper access control vulnerability. This issue allows a remote user with low privileges to leverage the HTTP GET method, potentially performing unauthorized actions with escalated privileges on the system. It's crucial for users to review their deployment and apply the necessary updates to mitigate the risks associated with this vulnerability.",Dell,OpenManage Server Administrator,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T17:15:00.000Z,0
CVE-2024-49600,https://securityvulnerability.io/vulnerability/CVE-2024-49600,Improper Access Control in Dell Power Manager,"Dell Power Manager has an improper access control vulnerability that can be exploited by a low privileged attacker with local access. This security flaw could allow unauthorized code execution and enable the attacker to elevate their privileges within the system. As a result, it poses significant risks to system integrity and data protection for users reliant on this software.",Dell,Power Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T15:15:00.000Z,0