CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25948
https://notcve.org/view.php?id=CVE-2024-25948
Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. El módulo de servicio Dell iDRAC versión 5.3.0.0 y anteriores contiene una vulnerabilidad de escritura fuera de los límites. Un atacante local privilegiado podría ejecutar código arbitrario, lo que podría provocar un evento de denegación de servicio. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25947
https://notcve.org/view.php?id=CVE-2024-25947
Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. Dell iDRAC Service Module versión 5.3.0.0 y anteriores contiene una vulnerabilidad de lectura fuera de los límites. Un atacante local privilegiado podría ejecutar código arbitrario, lo que podría provocar un evento de denegación de servicio. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37135
https://notcve.org/view.php?id=CVE-2024-37135
DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. • https://www.dell.com/support/kbdoc/en-us/000227424/dsa-2024-290-security-update-for-dell-powerprotect-data-manager-appliance-dm5500-for-multiple-vulnerabilities • CWE-256: Plaintext Storage of a Password •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37129
https://notcve.org/view.php?id=CVE-2024-37129
Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/en-us/000225779/dsa-2024-263 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32857
https://notcve.org/view.php?id=CVE-2024-32857
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege • https://www.dell.com/support/kbdoc/en-us/000225474/dsa-2024-242 • CWE-427: Uncontrolled Search Path Element •