Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

CVE-2020-26185

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.

CVE
Open in Source
#vulnerability#dell
CVE-2022-29082: DSA-2022-103: Dell EMC NetWorker Security Update for Multiple Vulnerabilities

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.

CVE-2022-29091: DSA-2022-138: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for a Cross-Site Scripting Vulnerability

Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVE-2022-24414: DSA-2022-064: Dell EMC CloudLink Security Update for Security Vulnerabilities

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.

CVE-2022-24417: DSA-2022-095: Dell Client Platform Security Update for SMM Vulnerabilities

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CVE-2022-26865: DSA-2022-102: Dell Client SupportAssist OS Recovery Security Update for an Authentication Bypass Vulnerability

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

CVE-2022-26857: DSA-2022-077: Dell OpenManage Enterprise Security Update for an Authorization Bypass Vulnerability

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.

CVE-2022-24422: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

Exploit Persistent XSS And Unsanitized Injection Vectors For Layer 2 Bypass And COOLHANDLUKE Protocol Creation

This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.

Valeo Networks Acquires Next I.T.

Next I.T. is the sixth and largest acquisition to date for Valeo Networks.