CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0167
https://notcve.org/view.php?id=CVE-2024-0167
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges. Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyección de comandos del sistema operativo en la utilidad svc_topstats. Un atacante autenticado podría explotar esta vulnerabilidad, lo que permitiría sobrescribir archivos arbitrarios en el sistema de archivos con privilegios de root. • https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0168
https://notcve.org/view.php?id=CVE-2024-0168
Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges. Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyección de comandos en la utilidad svc_oscheck. Un atacante autenticado podría explotar esta vulnerabilidad, lo que le permitiría inyectar comandos arbitrarios del sistema operativo. • https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0169
https://notcve.org/view.php?id=CVE-2024-0169
Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product's feature to compromise their systems. Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de Cross-Site Scripting (XSS). Un atacante autenticado podría explotar esta vulnerabilidad, lo que llevaría a los usuarios a descargar y ejecutar software malicioso creado por la característica de este producto para comprometer sus sistemas. Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. • https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0170
https://notcve.org/view.php?id=CVE-2024-0170
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyección de comandos del sistema operativo en su utilidad svc_cava. Un atacante autenticado podría explotar esta vulnerabilidad, escapar del shell restringido y ejecutar comandos arbitrarios del sistema operativo con privilegios de root. • https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28077
https://notcve.org/view.php?id=CVE-2023-28077
Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. Dell BSAFE SSL-J, versiones anteriores a 6.5 y versiones 7.0 y 7.1 contienen un mensaje de depuración que revela una vulnerabilidad de información innecesaria. Esto puede llevar a revelar información confidencial a un usuario con privilegios locales. • https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1295: Debug Messages Revealing Unnecessary Information •