Page 168 of 1115 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-5385

https://notcve.org/view.php?id=CVE-2020-5385

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. Dell Encryption versiones anteriores a 10.8 y Dell Endpoint Security Suite versiones anteriores a 2.8, contienen una vulnerabilidad de escalada de privilegios debido a una corrección incompleta para el CVE-2020-5358. Un usuario malicioso local con pocos privilegios podría explotar esta vulnerabilidad para alcanzar privilegios elevados en el sistema afectado con la ayuda de un enlace simbólico. • https://www.dell.com/support/article/SLN322456 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.1EPSS: 44%CPEs: 1EXPL: 3

CVE-2020-5377 – Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read

https://notcve.org/view.php?id=CVE-2020-5377

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station. Dell EMC OpenManage Server Administrator (OMSA) versiones 9.4 y anteriores, contienen múltiples vulnerabilidades de salto de ruta. Un atacante remoto no autenticado podría explotar potencialmente estas vulnerabilidades mediante el envío de una petición Web API diseñada que contenga secuencias de caracteres de salto de directorio para conseguir acceso al sistema de archivos en la estación de administración comprometida • https://www.exploit-db.com/exploits/49750 https://github.com/N3rdyN3xus/CVE-2020-5377 http://packetstormsecurity.com/files/162110/Dell-OpenManage-Server-Administrator-9.4.0.0-File-Read.html https://www.dell.com/support/article/en-us/sln322304/dsa-2020-172-dell-emc-openmanage-server-administrator-omsa-path-traversal-vulnerability?lang=en • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-5374

https://notcve.org/view.php?id=CVE-2020-5374

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices. Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) para SCCM y SCVMM versiones anteriores a 7.2.1, contiene una vulnerabilidad de clave embebida. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para conseguir acceso a los datos del dispositivo para dispositivos administrados remotamente • https://www.dell.com/support/article/en-us/sln322169/dsa-2020-163-dell-emc-openmanage-integration-for-microsoft-system-center-multiple-vulnerabilities?lang=en • CWE-256: Plaintext Storage of a Password CWE-798: Use of Hard-coded Credentials •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-5373

https://notcve.org/view.php?id=CVE-2020-5373

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device. Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) para SCCM y SCVMM versiones anteriores a 7.2.1, contiene una vulnerabilidad de autenticación inapropiada. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para recuperar los datos de inventario del sistema del dispositivo administrado • https://www.dell.com/support/article/en-us/sln322169/dsa-2020-163-dell-emc-openmanage-integration-for-microsoft-system-center-multiple-vulnerabilities?lang=en • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-5366

https://notcve.org/view.php?id=CVE-2020-5366

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files. Dell EMC iDRAC9 versiones anteriores a 4.20.20.20, contienen una vulnerabilidad de Salto de Ruta. Un usuario malicioso autenticado remoto con pocos privilegios podría explotar esta vulnerabilidad al manipular los parámetros de entrada para conseguir acceso de lectura no autorizado a los archivos arbitrarios • https://www.dell.com/support/article/en-us/sln322125/dsa-2020-128-idrac-local-file-inclusion-vulnerability?lang=en • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •