cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21107,https://securityvulnerability.io/vulnerability/CVE-2025-21107,Unquoted Search Path Vulnerability in Dell NetWorker,"Dell NetWorker versions prior to 19.11.0.3, including all versions of 19.10 and earlier, are susceptible to an Unquoted Search Path vulnerability. This flaw allows local attackers with low privileges to exploit the system, potentially leading to unauthorized code execution. Organizations using affected versions should implement recommended updates to mitigate associated risks. For further details, refer to Dell's official security advisory.",Dell,Networker,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T09:15:51.866Z,0
CVE-2024-42422,https://securityvulnerability.io/vulnerability/CVE-2024-42422,Dell NetWorker Vulnerability Could Lead to Information Disclosure,"An authorization bypass vulnerability in Dell NetWorker, specifically in version 19.10, allows unauthenticated remote attackers to exploit user-controlled keys. Successful exploitation could lead to unauthorized access and potential information disclosure, posing significant risks for data integrity and confidentiality. Organizations using this software should immediately evaluate their security posture and apply necessary updates to mitigate this vulnerability.",Dell,Networker,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-12-03T12:15:28.497Z,0
CVE-2024-47476,https://securityvulnerability.io/vulnerability/CVE-2024-47476,Un authenticated attacker could execute code with local access,"The vulnerability in Dell NetWorker Management Console versions 19.11 arises from an improper verification of cryptographic signatures. This security flaw may enable an unauthenticated local attacker to exploit the system, potentially leading to unauthorized code execution. Proper verification mechanisms are essential to safeguarding systems against such vulnerabilities.",Dell,Networker Management Console,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-03T09:59:07.362Z,0
CVE-2024-25949,https://securityvulnerability.io/vulnerability/CVE-2024-25949,Improper Authorization in Dell OS10 Networking Switches,"Dell OS10 Networking Switches are affected by an improper authorization vulnerability, which allows a remote authenticated attacker to exploit the system. This flaw can potentially lead to privilege escalation, granting the attacker unauthorized access and control over the affected networking devices. The vulnerability is present in several versions of the OS10 Networking Switches, underscoring the importance of timely updates and patches to mitigate risk.",Dell,Networking Os10,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-06-12T13:15:00.000Z,0
CVE-2024-22432,https://securityvulnerability.io/vulnerability/CVE-2024-22432,Plain-text Password Vulnerability in Dell Networker Products,"The Dell Networker software, specifically version 19.9 and earlier, has a security vulnerability that involves the storage of user passwords in plain-text format within temporary configuration files during the backup process of MySQL databases. This design flaw grants users with low privilege access the potential to exploit this weakness. By leveraging their access, attackers could gain visibility into sensitive MySQL database user credentials, which may lead to unauthorized access to the associated application database. The implications of this weakness underscore the importance of secure credential management and safeguarding database access.",Dell,Networker Module For Databases And Applications - Oracle,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-01-25T14:53:01.205Z,0
CVE-2023-28053,https://securityvulnerability.io/vulnerability/CVE-2023-28053,Cryptographic Weakness in Dell NetWorker Virtual Edition,"Dell NetWorker Virtual Edition versions up to 19.8 are susceptible to a cryptographic vulnerability due to the use of outdated algorithms in the SSH component. This flaw allows a remote, unauthenticated attacker to potentially exploit the system, which may result in the exposure of sensitive information. To mitigate these risks, it is essential for users to upgrade to the latest version and implement best security practices.",Dell,NetWorker Virtual Edition,5.3,MEDIUM,0.0011099999537691474,false,,false,false,false,,,false,false,,2023-12-18T12:15:00.000Z,0
CVE-2023-39248,https://securityvulnerability.io/vulnerability/CVE-2023-39248,Uncontrolled Resource Consumption Vulnerability in Dell OS10 Networking Switches,"Dell OS10 Networking Switches, specifically versions 10.5.2.x and above, are vulnerable to an Uncontrolled Resource Consumption flaw that can lead to Denial of Service when utilizing Virtual Link Trunking (VLT) and Virtual Router Redundancy Protocol (VRRP). This vulnerability enables a remote unauthenticated user to flood the network, effectively disrupting service for legitimate users. It is crucial for organizations using these switches to implement recommended security updates promptly to mitigate potential outages.",Dell,Dell Networking OS10,7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-12-05T06:15:00.000Z,0
CVE-2023-28055,https://securityvulnerability.io/vulnerability/CVE-2023-28055,Improper Authorization Vulnerability in Dell NetWorker Client by Dell,"Dell NetWorker contains an improper authorization vulnerability within its client. An unauthenticated attacker on the same network could exploit this weakness by manipulating commands, which may grant them complete access to server files. This could lead to information leaks, a denial of service, and the potential for arbitrary code execution on the affected system. Dell urges customers to upgrade to a secure version promptly to mitigate these risks.",Dell,Networker,8.8,HIGH,0.0005499999970197678,false,,false,false,false,,,false,false,,2023-09-27T15:18:00.000Z,0
CVE-2023-25539,https://securityvulnerability.io/vulnerability/CVE-2023-25539,OS Command Injection Vulnerability in Dell NetWorker Software,"Dell NetWorker version 19.6.1.2 is vulnerable to an OS command injection flaw in the NetWorker client. This security issue allows remote unauthenticated attackers to execute arbitrary OS commands on the underlying system with the same privileges as the application. As a result, an attacker could gain complete control of the affected system. To mitigate this risk, Dell recommends that customers upgrade to a secure version as soon as possible.",Dell,NetWorker NVE,9.8,CRITICAL,0.0027099999133497477,false,,false,false,false,,,false,false,,2023-05-31T05:15:00.000Z,0
CVE-2023-24568,https://securityvulnerability.io/vulnerability/CVE-2023-24568,Improper Certificate Validation in Dell NetWorker Affecting RabbitMQ,"Dell NetWorker presents a vulnerability related to the RabbitMQ port, featuring improper validation of certificates which could prevent the successful replacement of CA-signed certificates. This issue could expose systems to potential security threats if not addressed. For more details and mitigation strategies, visit the vendor advisory. ",Dell,NetWorker,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-05-30T16:15:00.000Z,0
CVE-2023-25544,https://securityvulnerability.io/vulnerability/CVE-2023-25544,Apache Tomcat Version Disclosure Vulnerability in Dell NetWorker,"Dell NetWorker versions 19.5 and earlier exhibit a vulnerability related to version disclosure of Apache Tomcat. This flaw allows users with remote access to the NetWorker clients to potentially exploit the weakness, leading to targeted attacks specific to the disclosed version. Awareness of this vulnerability is crucial for system administrators and security professionals to safeguard their environments and mitigate risks associated with unauthorized access.",Dell,"Dell NetWorker, NVE",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-03-01T15:15:00.000Z,0
CVE-2023-24567,https://securityvulnerability.io/vulnerability/CVE-2023-24567,Version Disclosure Vulnerability in Dell NetWorker Software,"The vulnerability found in Dell NetWorker allows a user with remote access to the NetWorker clients to obtain sensitive version information of the RabbitMQ component. This may enable attackers to tailor their exploits against specific targets, potentially compromising system integrity and leading to unauthorized access. Organizations utilizing affected versions should take immediate steps to apply security updates and mitigate risks associated with this vulnerability.",Dell,"Dell NetWorker, NVE",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-03-01T15:15:00.000Z,0
CVE-2023-24576,https://securityvulnerability.io/vulnerability/CVE-2023-24576,Unauthenticated Remote Code Execution Vulnerability in EMC NetWorker,"EMC NetWorker is potentially exposed to a vulnerability that allows for unauthenticated remote code execution via the NetWorker Client execution service (nsrexecd). This issue enables an attacker to execute arbitrary code on the affected system without requiring authentication, posing a significant threat to the security of the network and data integrity.",Dell,"NetWorker, NVE",9.8,CRITICAL,0.007060000207275152,false,,false,false,false,,,false,false,,2023-02-03T19:15:00.000Z,0
CVE-2022-34424,https://securityvulnerability.io/vulnerability/CVE-2022-34424,Networking Operating System Vulnerability in Dell EMC SmartFabric,"Dell EMC SmartFabric OS10, specifically versions 10.5.1.x, 10.5.2.x, and 10.5.3.x, contains a vulnerability that can be exploited by an attacker to initiate a system crash through targeted security scans. This exposure necessitates immediate attention to ensure the stability and security of the network environment. Proper updates and security measures should be implemented to mitigate potential risks associated with this vulnerability.",Dell,Dell Networking Os10,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-09-28T21:15:00.000Z,0
CVE-2022-34394,https://securityvulnerability.io/vulnerability/CVE-2022-34394,Improper Certificate Validation in Dell Networking OS10 Support Assist,"Dell Networking OS10, specifically version 10.5.3.4, is susceptible to an improper certificate validation issue within its Support Assist feature. This vulnerability presents an opportunity for remote unauthenticated attackers to exploit, possibly compromising limited switch configuration data. Attackers may leverage this flaw to execute man-in-the-middle attacks, thereby gaining unauthorized access to sensitive Support Assist information. It’s vital for users of affected versions to implement mitigations and stay updated with security patches.",Dell,Dell Networking Os10,3.7,LOW,0.001500000013038516,false,,false,false,false,,,false,false,,2022-09-28T21:15:00.000Z,0
CVE-2022-29089,https://securityvulnerability.io/vulnerability/CVE-2022-29089,Information Disclosure in Dell Networking OS10 with Smart Fabric Services,"Dell Networking OS10 versions released prior to October 2021, specifically those with Smart Fabric Services enabled, are exposed to an information disclosure risk. An attacker, without authentication, could leverage this vulnerability to reverse engineer and extract sensitive information, gaining unauthorized access to the REST API with administrative privileges. This poses significant risks to the confidentiality and integrity of network configurations and operations.",Dell,Dell Networking Os10,6.4,MEDIUM,0.0012600000482052565,false,,false,false,false,,,false,false,,2022-09-28T21:15:00.000Z,0
CVE-2022-34368,https://securityvulnerability.io/vulnerability/CVE-2022-34368,Improper Handling of Permissions in Dell EMC NetWorker,"Dell EMC NetWorker versions 19.2.1.x through 19.7.0.0 are susceptible to a vulnerability that allows authenticated non-administrative users to exploit insufficient permissions. This can enable unauthorized access to restricted resources, potentially leading to significant security risks. Users of the affected NetWorker versions are advised to apply the necessary updates to mitigate these risks.",Dell,Networker Management Console,6.1,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-08-30T21:15:00.000Z,0
CVE-2022-29082,https://securityvulnerability.io/vulnerability/CVE-2022-29082,Improper Certificate Validation in Dell EMC NetWorker Affecting Multiple Versions,"Dell EMC NetWorker versions listed are susceptible to a vulnerability that arises from improper validation of certificates with host mismatches on RabbitMQ's port 5671. This weakness can enable remote attackers to execute spoofing attacks by presenting fraudulent certificates, potentially leading to unauthorized access or data manipulation. Organizations using affected versions must assess their systems' security posture and apply the recommended patches to mitigate this vulnerability.",Dell,Networker,3.7,LOW,0.0007900000200606883,false,,false,false,false,,,false,false,,2022-05-26T16:15:00.000Z,0
CVE-2021-36311,https://securityvulnerability.io/vulnerability/CVE-2021-36311,Improper Authorization in Dell EMC Networker Affects Local User Security,"Dell EMC Networker versions prior to 19.5 feature a vulnerability that allows a local user with networker user privileges to exploit improper authorization. This security flaw permits the malicious user to upload files to unauthorized locations within the system, potentially leading to execution of harmful files. Organizations utilizing affected versions should implement necessary security measures and update to the latest version to mitigate the risk.",Dell,Networker,6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-23T20:15:00.000Z,0
CVE-2021-36319,https://securityvulnerability.io/vulnerability/CVE-2021-36319,Information Exposure in Dell Networking OS10 Affecting Authentication Messages,"Dell Networking OS10 includes a vulnerability that allows low-privileged authenticated users to exploit access to SNMP authentication failure messages. This information exposure can lead to unauthorized insights about network configurations and security measures, potentially positioning attackers to enhance their malicious strategies.",Dell,Dell Networking Os10,3.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-20T02:15:00.000Z,0
CVE-2021-36307,https://securityvulnerability.io/vulnerability/CVE-2021-36307,Privilege Escalation Vulnerability in Networking OS10 by Dell,"The Networking OS10 platform by Dell features a security flaw related to the RESTCONF API, allowing low privileged users with specific access rights to escalate their privileges. This situation compromises the system by giving these users the ability to perform actions reserved for administrators. The vulnerability lies in versions of the software released before October 2021, highlighting the importance of regular updates and monitoring of API access controls to safeguard against potential exploit attempts.",Dell,Networking Os,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-11-20T02:15:00.000Z,0
CVE-2021-36308,https://securityvulnerability.io/vulnerability/CVE-2021-36308,Authentication Bypass in Networking OS10 by Dell,"A vulnerability exists in Dell's Networking OS10, specifically in versions prior to October 2021 with Smart Fabric Services enabled. An unauthenticated remote attacker can exploit this weakness to gain unauthorized access to the system, potentially leading to unauthorized actions and compromise of the affected network configuration.",Dell,Networking Os,5.9,MEDIUM,0.006149999797344208,false,,false,false,false,,,false,false,,2021-11-20T02:15:00.000Z,0
CVE-2021-36321,https://securityvulnerability.io/vulnerability/CVE-2021-36321,Improper Input Validation in Dell Networking X-Series Firmware,"Dell Networking X-Series firmware versions prior to 3.0.1.8 are affected by a vulnerability that arises from improper input validation. This flaw allows a remote attacker, who does not require authentication, to exploit the vulnerability by sending specially crafted data, potentially leading to a denial of service condition. Users are advised to upgrade to the latest firmware versions to mitigate this risk.",Dell,Networking X-series,7.5,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2021-11-20T02:15:00.000Z,0
CVE-2021-36322,https://securityvulnerability.io/vulnerability/CVE-2021-36322,Host Header Injection Vulnerability in Dell Networking X-Series Firmware,"The Dell Networking X-Series firmware before version 3.0.1.8 is susceptible to a host header injection vulnerability. This allows remote unauthenticated attackers to inject arbitrary host header values, potentially compromising web cache integrity and leading to unintended redirections. Such vulnerabilities can significantly impact a network's security posture by enabling attackers to manipulate cached content and control user sessions.",Dell,Networking X-series,6.1,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2021-11-20T02:15:00.000Z,0
CVE-2021-36306,https://securityvulnerability.io/vulnerability/CVE-2021-36306,Authentication Bypass in Dell Networking OS10 with RESTCONF API,"Dell Networking OS10, specifically versions released before October 2021, is susceptible to an authentication bypass vulnerability when the RESTCONF API is enabled. This flaw allows remote, unauthenticated attackers to exploit the system, gaining unauthorized access to perform various actions. It is crucial for organizations to review their deployments and implement necessary updates to mitigate this risk and enhance overall network security.",Dell,Networking Os,8.1,HIGH,0.006149999797344208,false,,false,false,false,,,false,false,,2021-11-20T02:15:00.000Z,0