CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43069
https://notcve.org/view.php?id=CVE-2023-43069
Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker. Dell SmartFabric Storage Software v1.4 (y anteriores) contiene una vulnerabilidad de inyección de comandos del sistema operativo en la CLI. Un atacante local autenticado podría explotar esta vulnerabilidad, lo que provocaría una posible inyección de parámetros en curl o docker. • https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43068
https://notcve.org/view.php?id=CVE-2023-43068
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands. Dell SmartFabric Storage Software v1.4 (y anteriores) contiene una vulnerabilidad de inyección de comandos del sistema operativo en el shell restringido en SSH. Un atacante remoto autenticado podría explotar esta vulnerabilidad, lo que llevaría a ejecutar comandos arbitrarios. • https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4401
https://notcve.org/view.php?id=CVE-2023-4401
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access. Dell SmartFabric Storage Software v1.4 (y anteriores) contiene una vulnerabilidad de inyección de comandos del sistema operativo en el uso de la CLI del comando "more". Un atacante autenticado local o remoto podría explotar esta vulnerabilidad, lo que le permitiría obtener acceso a nivel de root. • https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32477
https://notcve.org/view.php?id=CVE-2023-32477
Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges. Dell Common Event Enabler 8.9.8.2 para Windows y versiones anteriores contiene una vulnerabilidad de control de acceso inadecuado. Un usuario malintencionado local con pocos privilegios podría explotar esta vulnerabilidad para obtener privilegios elevados. • https://www.dell.com/support/kbdoc/en-us/000218120/dsa-2023-310-security-update-for-dell-emc-common-event-enabler • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4129
https://notcve.org/view.php?id=CVE-2023-4129
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. Dell Data Protection Central, versión 19.9, contiene una vulnerabilidad de Inadequate Encryption Strength. Un atacante de red no autenticado podría explotar esta vulnerabilidad, permitiéndole recuperar texto sin cifrar de un bloque de texto cifrado. • https://www.dell.com/support/kbdoc/en-us/000218045/dsa-2023-346-security-update-for-dell-data-protection-central • CWE-326: Inadequate Encryption Strength •