CVE-2024-32853
https://notcve.org/view.php?id=CVE-2024-32853
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. Dell PowerScale OneFS versiones 8.2.2.x a 9.7.0.2 contienen una vulnerabilidad de ejecución con privilegios innecesarios. Un atacante local con pocos privilegios podría explotar esta vulnerabilidad, lo que provocaría una escalada de privilegios. • https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-32852
https://notcve.org/view.php?id=CVE-2024-32852
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks. Dell PowerScale OneFS versiones 8.2.2.x a 9.7.0.0 contienen el uso de una vulnerabilidad de algoritmo criptográfico roto o riesgoso. Un atacante malicioso de red sin privilegios podría explotar esta vulnerabilidad y provocar fugas de datos. • https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2024-0158
https://notcve.org/view.php?id=CVE-2024-0158
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges Dell BIOS contiene una vulnerabilidad de validación de entrada incorrecta. Un usuario malicioso local autenticado con privilegios de administrador podría explotar esta vulnerabilidad para modificar una variable UEFI, lo que provocaría una denegación de servicio y una escalada de privilegios. • https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability • CWE-20: Improper Input Validation •
CVE-2024-25943
https://notcve.org/view.php?id=CVE-2024-25943
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. iDRAC9, versiones anteriores a 7.00.00.172 para la 14.ª generación y 7.10.50.00 para las 15.ª y 16.ª generación, contiene una vulnerabilidad de secuestro de sesión en IPMI. Un atacante remoto podría explotar esta vulnerabilidad, lo que provocaría la ejecución de código arbitrario en la aplicación vulnerable. • https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability • CWE-330: Use of Insufficiently Random Values •
CVE-2024-37137
https://notcve.org/view.php?id=CVE-2024-37137
Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure. • https://www.dell.com/support/kbdoc/en-us/000226476/dsa-2024-294-security-update-for-dell-cloudlink-vulnerability • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation •