CVE-2021-21529
https://notcve.org/view.php?id=CVE-2021-21529
Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. Dell System Update (DSU) versiones 1.9 y anteriores, contienen una vulnerabilidad de denegación de servicio. Un usuario malicioso local autenticado poco privilegiado puede explotar esta vulnerabilidad para causar que el sistema se quede sin memoria al ejecutar múltiples instancias de la aplicación vulnerable. • https://www.dell.com/support/kbdoc/en-us/000184608/dsa-2021-059-dell-emc-system-update-dsu-security-update-for-denial-of-service-vulnerability • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-21518
https://notcve.org/view.php?id=CVE-2021-21518
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. Dell SupportAssist Client for Consumer PCs versiones 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versiones 2.0.x, 2.1.x, 2.2.x y Dell SupportAssist Client ProManage versión 1.x, contienen una vulnerabilidad de inyección DLL en el plugin Costura Fody. Un usuario local poco privilegiado podría explotar esta vulnerabilidad, conllevando a una ejecución de un ejecutable arbitrario en el sistema operativo con privilegios SYSTEM • https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability • CWE-427: Uncontrolled Search Path Element •
CVE-2021-21510
https://notcve.org/view.php?id=CVE-2021-21510
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections. Dell iDRAC8 versiones anteriores a 2.75.100.75, contienen una vulnerabilidad de inyección de encabezado host. Un atacante remoto no autenticado podría explotar esta vulnerabilidad inyectando valores de encabezado "Host" arbitrarios para envenenar una caché web o desencadenar redireccionamientos • https://www.dell.com/support/kbdoc/en-us/000183758/dsa-2021-041-dell-emc-idrac-8-security-update-for-a-host-header-injection-vulnerability • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-21506
https://notcve.org/view.php?id=CVE-2021-21506
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation. PowerScale OneFS versiones 8.1.2, 8.2.2 y 9.1.0, contiene un problema de saneamiento de entrada inapropiado en su controlador de API. Un usuario sin autorización con privilegios ISI_PRIV_SYS_SUPPORT e ISI_PRIV_LOGIN_PAPI podría explotar esta vulnerabilidad, conllevando una posible escalada de privilegios • https://www.dell.com/support/kbdoc/000183717 • CWE-20: Improper Input Validation •
CVE-2021-21503
https://notcve.org/view.php?id=CVE-2021-21503
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation. PowerScale OneFS versiones 8.1.2, 8.2.2 y 9.1.0, contiene un problema de saneamiento de entrada inapropiado en un comando. El usuario de Compadmin podría aprovechar esta vulnerabilidad, conllevando a una posible escalada de privilegios • https://www.dell.com/support/kbdoc/000183717 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •