CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-29493
https://notcve.org/view.php?id=CVE-2020-29493
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity. DELL EMC Avamar Server, versiones 19.1, 19.2, 19.3, contienen una vulnerabilidad de inyección SQL en Fitness Analyzer. • https://www.dell.com/support/kbdoc/en-us/000181806/dsa-2020-272-dell-emc-avamar-server-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26186
https://notcve.org/view.php?id=CVE-2020-26186
Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM). Dell Inspiron 5675 BIOS versiones anteriores a 1.4.1, contienen una vulnerabilidad de sobrescritura de UEFI BIOS RuntimeServices. Un atacante local con acceso a una memoria del sistema puede explotar esta vulnerabilidad al sobrescribir la estructura de RuntimeServices para ejecutar código arbitrario en System Management Mode (SMM) • https://www.dell.com/support/kbdoc/en-us/000180645/dsa-2020-247-dell-client-platform-security-update-for-uefi-bios-runtimeservices-overwrite-vulnerability • CWE-642: External Control of Critical State Data CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35170
https://notcve.org/view.php?id=CVE-2020-35170
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users’ sessions. Dell EMC Unisphere para PowerMax versiones anteriores a 9.1.0.9, Dell EMC Unisphere para PowerMax versiones anteriores a 9.0.2.16 y Dell EMC PowerMax OS versiones 5978.221.221 y 5978.479.479, contienen una vulnerabilidad de tipo Cross-Site Scripting (XSS). Un usuario malicioso autenticado puede potencialmente explotar esta vulnerabilidad para inyectar código javascript y afectar las sesiones de otros usuarios autenticados • https://www.dell.com/support/kbdoc/000181212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-29502
https://notcve.org/view.php?id=CVE-2020-29502
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC PowerStore versiones anteriores a 1.0.3.0.5.007, contienen una vulnerabilidad de Almacenamiento de Contraseña de Texto Plano en entornos PowerStore X & T. Un atacante autenticado localmente podría potencialmente explotar esta vulnerabilidad, conllevando a la divulgación de determinadas credenciales de usuario. • https://www.dell.com/support/kbdoc/000180775 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-29501
https://notcve.org/view.php?id=CVE-2020-29501
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC PowerStore versiones anteriores a 1.0.3.0.5.007, contienen una vulnerabilidad de Almacenamiento de Contraseña de Texto Plano en entornos PowerStore X & T. Un atacante autenticado localmente podría potencialmente explotar esta vulnerabilidad, conllevando a la divulgación de determinadas credenciales de usuario. • https://www.dell.com/support/kbdoc/000180775 • CWE-312: Cleartext Storage of Sensitive Information •