Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5685 | 1 Dell | 4 Idrac7, Idrac7 Firmware, Idrac8 and 1 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | |||||
CVE-2014-8272 | 2 Dell, Intel | 4 Idrac6 Modular, Idrac6 Monolithic, Idrac7 and 1 more | 2024-11-21 | 5.0 MEDIUM | N/A |
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. | |||||
CVE-2013-3589 | 1 Dell | 4 Idrac6 Firmware, Idrac6 Monolithic, Idrac7 and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter. | |||||
CVE-2020-5344 | 1 Dell | 6 Idrac7, Idrac7 Firmware, Idrac8 and 3 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data. |