CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27688
https://notcve.org/view.php?id=CVE-2025-27688
18 Mar 2025 — Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. • https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26331
https://notcve.org/view.php?id=CVE-2025-26331
07 Mar 2025 — Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28963
https://notcve.org/view.php?id=CVE-2024-28963
24 Apr 2024 — Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. Telemetry Dashboard v1.0.0.7 para Dell ThinOS 2402 contiene una vulnerabilidad de divulgación de información confidencial. Un usuario no autenticado con acceso local al dispositivo podría aprovechar esta vulnerabilidad para leer información confidencial de configuraci... • https://www.dell.com/support/kbdoc/en-us/000224317/dsa-2024-170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-32447
https://notcve.org/view.php?id=CVE-2023-32447
20 Jul 2023 — Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. • https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-32446
https://notcve.org/view.php?id=CVE-2023-32446
20 Jul 2023 — Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. • https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-32455
https://notcve.org/view.php?id=CVE-2023-32455
20 Jul 2023 — Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. • https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-34402
https://notcve.org/view.php?id=CVE-2022-34402
10 Oct 2022 — Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service. Dell Wyse ThinOS versión 2205, contiene una vulnerabilidad de Denegación de Servicio por Expresión Regular en la Interfaz de Usuario. Un atacante con privilegios de administrador podría explotar esta vulnerabilidad, conllevando a una denegación de servicio • https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 3.9EPSS: 0%CPEs: 6EXPL: 0CVE-2021-21598
https://notcve.org/view.php?id=CVE-2021-21598
10 Aug 2021 — Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files. Dell Wyse ThinOS, versiones 9.0, 9.1 y 9.1 MR1, contienen una Vulnerabilidad de Divulgación de Información Confidencial. Un atacante autenticado con acceso físico al sistema podría explotar potencialmente esta vulnerabilidad para leer datos confidenciales de la t... • https://www.dell.com/support/kbdoc/000189543 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-21597
https://notcve.org/view.php?id=CVE-2021-21597
10 Aug 2021 — Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files. Dell Wyse ThinOS, versión 9.0, contiene una Vulnerabilidad de Divulgación de Información Confidencial. Un usuario malicioso autenticado con acceso físico al sistema podría explotar potencialmente esta vulnerabilidad para leer información confidencial escrita en los ... • https://www.dell.com/support/kbdoc/000189543 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21532
https://notcve.org/view.php?id=CVE-2021-21532
02 Apr 2021 — Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. Dell Wyse ThinOS versión 8.6, MR9 contiene una corrección para una vulnerabilidad de comprobación inapropiada del servidor de administración que podría ser potencialmente explotada para redireccionar un cliente a un servid... • https://www.dell.com/support/kbdoc/en-us/000184665/dsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation-vulnerabilitydsa-2021-069-dell-wyse-thinos-8-6-security-update-for-an-improper-management-server-validation- • CWE-16: Configuration CWE-20: Improper Input Validation •