CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3750
https://notcve.org/view.php?id=CVE-2019-3750
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly. Dell Command Update versiones anteriores a 3.1, contienen una Vulnerabilidad de Eliminación Arbitraria de Archivos. Un usuario malicioso autenticado local con bajos privilegios podría explotar esta vulnerabilidad para suprimir archivos arbitrarios al crear un enlace simbólico desde el archivo "Temp\IC\ICDebugLog.txt" hacia cualquier archivo apuntado. • https://www.dell.com/support/article/SLN319697 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-427: Uncontrolled Search Path Element •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3749
https://notcve.org/view.php?id=CVE-2019-3749
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. Dell Command Update versiones anteriores a 3.1, contienen una Vulnerabilidad de Eliminación Arbitraria de Archivos. Un usuario malicioso autenticado local con bajos privilegios podría explotar esta vulnerabilidad para suprimir archivos arbitrarios al crear un enlace simbólico desde el archivo "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" hacia cualquier archivo apuntado. • https://www.dell.com/support/article/SLN319697 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18580 – Dell EMC Storage Monitoring and Reporting Java RMI Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-18580
Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. Dell EMC Storage Monitoring and Reporting versión 4.3.1, contiene una vulnerabilidad de Deserialización Datos No Confiables RMI de Java . Un atacante remoto no autenticado puede explotar esta vulnerabilidad al enviar una petición RMI diseñada para ejecutar código arbitrario en el host de destino. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dell EMC Storage Monitoring and Reporting. • https://www.dell.com/support/security/en-us/details/538977/DSA-2019-176-Dell-EMC-Storage-Monitoring-and-Reporting-SMR-Java-RMI-Deserialization-of-Untruste • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3764
https://notcve.org/view.php?id=CVE-2019-3764
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. Dell EMC iDRAC7 versiones anteriores a 2.65.65.65, iDRAC8 versiones anteriores a 2.70.70.70, e iDRAC9 versiones anteriores a 3.36.36.36 contienen una vulnerabilidad de autorización inapropiada. Un usuario malicioso autenticado remoto de iDRAC con pocos privilegios puede explotar potencialmente esta vulnerabilidad para obtener información confidencial, tal y como el hash de contraseñas. • https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en • CWE-285: Improper Authorization •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3767
https://notcve.org/view.php?id=CVE-2019-3767
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems. Las versiones de Dell ImageAssist en versiones anteriores a la 8.7.15 contienen una vulnerabilidad de divulgación de información. Dell ImageAssist almacena información confidencial cifrada en las imágenes que crea. • https://www.dell.com/support/article/us/en/19/sln318831/dsa-2019-139 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •