CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47241
https://notcve.org/view.php?id=CVE-2024-47241
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data. • https://www.dell.com/support/kbdoc/en-us/000237211/dsa-2024-407-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47240
https://notcve.org/view.php?id=CVE-2024-47240
Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition. • https://www.dell.com/support/kbdoc/en-us/000237211/dsa-2024-407-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45767
https://notcve.org/view.php?id=CVE-2024-45767
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. Dell OpenManage Enterprise, versión(es) OME 4.1 y anteriores, contiene(n) una vulnerabilidad de neutralización inadecuada de elementos especiales utilizados en un comando SQL ("inyección SQL"). Un atacante con privilegios reducidos y acceso remoto podría aprovechar esta vulnerabilidad, lo que daría lugar a la divulgación de información. • https://www.dell.com/support/kbdoc/en-us/000237300/dsa-2024-426-security-update-for-dell-openmanage-enterprise-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45766
https://notcve.org/view.php?id=CVE-2024-45766
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. Dell OpenManage Enterprise, versión(es) OME 4.1 y anteriores, contiene(n) una vulnerabilidad de control inadecuado de generación de código ("inyección de código"). Un atacante con privilegios reducidos y acceso remoto podría aprovechar esta vulnerabilidad, lo que provocaría la ejecución de código. • https://www.dell.com/support/kbdoc/en-us/000237300/dsa-2024-426-security-update-for-dell-openmanage-enterprise-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39586
https://notcve.org/view.php?id=CVE-2024-39586
Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000234216/dsa-2024-420-security-update-for-dell-emc-appsync-for-multiple-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference •