CVE-2024-44984 bnxt_en: Fix double DMA unmapping for XDP_REDIRECT

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix double DMA unmapping for XDPREDIRECT Remove the dmaunmappageattrs call in the driver's XDPREDIRECT code path. This should have been removed when we let the page pool handle the DMA mapping. This bug causes the warning...

Dell Client BIOS Improper Input Validation (DSA-2024-167)

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. Note that Nessus has not tested for this issue but has...

CVE-2024-36919

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spinlockbh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as...

CVE-2024-26743

In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedrcreateuserqp error flow Avoid the following warning by making sure to free the allocated resources in case that qedrinituserqueue fail. ----------- cut here ----------- WARNING: CPU: 0 PID: 143192 at...

Dell NetWorker Encryption Issue Vulnerability

Dell NetWorker is an application from Dell USA Inc. Provides forum discussion features for Dell Inc. A cryptographic issue vulnerability exists in Dell NetWorker Virtual Edition 19.8 and prior versions, which stems from the use of an unrecommended encryption algorithm by the SSH component, and ca...

Dell Client BIOS Improper Authentication (DSA-2023-190)

The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by a improper authentication vulnerability.A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowled...

Dell PowerPath Management Appliance Elevation of Privilege Vulnerability

The Dell PowerPath Management Appliance is a PowerPath host management application from Dell Inc. that offers two models: a virtual machine-based appliance and a Docker containerized appliance. An elevation of privilege vulnerability exists in Dell PowerPath Management Appliance version 3.3, whic...

Dell SupportAssist for Home PCs Information Disclosure Vulnerability

Dell SupportAssist for Home PCs is a client application for home computers from Dell USA. The program provides automation, proactive and predictive techniques for troubleshooting and more. An information disclosure vulnerability exists in Dell SupportAssist for Home PCs version 3.11.2 and prior...

Dell System Update has an unspecified vulnerability

Dell System Update is an application package from Dell, Inc. that provides application updates. A security vulnerability exists in Dell System Update version 2.0.0 and prior versions, which stems from the inclusion of incorrect certificate validation in the data parser module. No details of the...

Dell GeoDrive Information Disclosure Vulnerability

Dell GeoDrive is a free application from Dell, Inc. It provides access to Dell EMC ECS and Atmos storage from Microsoft Windows desktops and servers. An information disclosure vulnerability exists in Dell GeoDrive versions 2.1 and later, 2.2 and earlier. The vulnerability arises from insufficient...

Dell Enterprise SONiC OS has an unspecified vulnerability

Dell Enterprise SONiC OS Dell Enterprise Sonic Operating System is an open source network operating system from Dell, Inc. A remote attacker could exploit this vulnerability to cause unauthorized access to communications...

Wyse Management Suite has an unspecified vulnerability (CNVD-2022-56662)

Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery.Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...

Dell VNX2 OE for File sensitive information disclosure vulnerability

Dell Vnx2 Oe For File is an operating environment from Dell, Inc. A sensitive information vulnerability exists in Dell VNX2 OE for File versions 8.1.21.266 and earlier, which stems from an application exporting too much data. An attacker could use this vulnerability to obtain log information...

DELL EMC AppSync has an unspecified vulnerability

DELL EMC AppSync is a replication data management software from Dell USA Inc. The security vulnerability in DELL EMC AppSync stems from the fact that Dell EMC AppSync versions 3.9 through 4.3 contain an "over-authentication Improper Attempt Limitation" vulnerability, which can be exploited from t...

Dell Emc Secure Connect Gateway Log Information Disclosure Vulnerability

Dell Emc Secure Connect Gateway Dell Emc Scg is a secure connectivity gateway from Dell, Inc. The vulnerability can be exploited to read sensitive information...

Dell EMC PowerStore OS Command Injection Vulnerability

Dell EMC PowerStore is a storage device from Dell Dell, Inc. Dell EMC PowerStore versions prior to 1.0.3.0.5.006 have an operating system command injection vulnerability that can be exploited by a locally authenticated attacker to execute arbitrary OS commands on the underlying PowerStore operati...

Dell Lost Control of Key Customer Support Domain for a Month in 2017

A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all...

Dell SonicWALL Global Management System GMS 8.1 Adobe Flex SOP Bypass Vulnerability

Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking i? Dell SonicWALL Global Management System GMS 8.1 Adobe Flex SOP Bypass Vendor: Dell Inc. Product web page:...

Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection

Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection Vendor: Dell Inc. Product web page: https://www.sonicwall.com/products/sonicwall-gms/ Affected version: 8.1 8.0 SP1 Build 8048.1410 Flow Server Virtual Appliance Fixed in: 8.2 VR-2016-01-C0V Summary: Provide your organization,...

Dell EMC OpenManage Server Administrator (OMSA) Detection (HTTP)

HTTP based detection of Dell EMC OpenManage Server Administrator OMSA. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...