CVE-2025-29987
Dell PowerProtect Data Domain with DD OS prior to 8.3.0.15 is affected by an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could execute arbitrary commands with root privileges due to limited access-control granularity. The PT-2025-14...
CVE-2025-22475
The CVE-2025-22475 entry describes a vulnerability in Dell PowerProtect DD where, in versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10, a use of a cryptographic primitive with a risky implementation could allow a remote attacker to tamper with information. A Dell security update (DSA-2025-022) ...
CVE-2024-53295
Dell PowerProtect DD (Dell’s data protection solution) is affected by an improper access control vulnerability (CVE-2024-53295) that could allow a local, low-privilege attacker to escalate privileges. Affected versions are prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20. The NVD entry documents a LOCA...
CVE-2024-51534
Dell PowerProtect DD versions before DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 are affected by a path traversal flaw that could allow a local low-privileged attacker to overwrite OS files on the server filesystem, potentially causing denial of service. The concern is supported by multiple...
CVE-2024-53296
CVE-2024-53296 affects Dell PowerProtect DD (Data Domain) with a stack-based buffer overflow in the RestAPI. Public details indicate vulnerable versions include Dell PowerProtect DD prior to 7.10.1.50 and 7.13.1.20 (per NVD description), with a similar CVE entry noting earlier releases such as 7....
CVE-2024-29175
CVE-2024-29175 concerns Dell PowerProtect Data Domain. The affected products are Dell PowerProtect Data Domain versions prior to 7.13.0.0, LTS 7.7.5.40, and LTS 7.10.1.30, where a weak cryptographic algorithm vulnerability could enable a remote, unauthenticated attacker to perform a man-in-the-mi...
CVE-2024-45759
Summary of CVE-2024-45759 (Dell PowerProtect Data Domain): A local, low-privileged attacker could exploit an escalation of privilege vulnerability to execute commands that overwrite the application’s system configuration, potentially causing a denial of service. Affected products are Dell PowerP...
CVE-2024-48010
Dell PowerProtect DD is affected by an access control vulnerability prior to these versions: 8.1.0.0 (and earlier listed) and specifically 7.13.1.10, 7.10.1.40, and 7.7.5.50. A remote, high-privileged attacker could potentially escalate privileges in the application. Remediation: update to 8.1....
CVE-2024-29174
Dell Data Domain is affected by CVE-2024-29174 with SQL Injection in software versions prior to 7.13.0.0, and LTS releases 7.7.5.30 and 7.10.1.20. The vulnerability could allow a local, low-privilege attacker to execute SQL commands on the backend database and gain unauthorized access to applicat...
CVE-2024-48011
Dell PowerProtect DD (hardware appliances) is affected in versions prior to 7.7.5.50 by an Information Disclosure vulnerability that could be exploited by a low-privilege attacker with remote access to obtain sensitive information. The initial documents do not specify the exact root cause or vuln...
CVE-2024-37141
Dell PowerProtect DD is affected by an open redirect vulnerability affecting versions prior to 8.0 and the LTS trains 7.13.1.0, 7.10.1.30, and 7.7.5.40. A remote, low-privilege attacker could cause information disclosure. The public documents specify fixes: upgrade to 8.0 or later, and apply fixe...
CVE-2024-29176
CVE-2024-29176 affects Dell PowerProtect DD prior to a fixed release. Dell PowerProtect DD versions 8.0, 7.13.1.0, 7.10.1.30, and 7.7.5.40 are vulnerable to an Out-of-bounds Write that could enable code execution by a low-privilege, remote attacker. The issue is caused by an out-of-bounds write i...
CVE-2024-37140
Dell PowerProtect DD is affected: OS command injection in an admin operation present in versions prior to 8.0 and in LTS 7.13.1.0, 7.10.1.30, and 7.7.5.40. The underlying issue enables a remote low-privilege attacker to run arbitrary OS commands with the vulnerable application’s privileges, poten...
CVE-2024-37139
CVE-2024-37139 affects Dell PowerProtect DD before 8.0 and certain LTS branches (7.13.1.0, 7.10.1.30, 7.7.5.40) with an improper control of a resource through its lifetime in an admin operation. This could allow a remote, low-privilege attacker to cause temporary resource constraint in a system ap...
CVE-2024-37138
CVE-2024-37138 affects Dell PowerProtect DD (DDMC) prior to version 8.0 and LTS releases 7.13.1.0, 7.10.1.30, 7.7.5.40. The flaw is a relative path traversal in the management path that could allow a remote high-privileged attacker to cause the application to send an unauthorized file to the mana...
CVE-2024-29177
CVE-2024-29177 affects Dell PowerProtect DD prior to 8.0 and the LTS branches 7.13.1.0, 7.10.1.30, and 7.7.5.40. The issue is described as a disclosure of temporary sensitive information that could be exploited by a remote high-privilege attacker to reuse disclosed data to gain unauthorized acces...
CVE-2024-29173
Dell PowerProtect DD (before 8.0 and the listed LTS branches: 7.13.1.0, 7.10.1.30, 7.7.5.40) contains a Server-Side Request Forgery (SSRF) vulnerability. A remote, high-privilege attacker could potentially disclose information on the application or remote client. The provided documents confirm th...
CVE-2024-28973
Technical details beyond the generic description are not provided in the supplied documents. Monitor for updates from Dell and CVE List references.
CVE-2025-30098
Dell PowerProtect Data Domain (DD OS) is affected by CVE-2025-30098: an Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in the DDSH CLI. A high-privilege attacker with local access could exploit this to execute arbitrary commands with root pr...
CVE-2025-36594
Dell PowerProtect Data Domain (DD OS) feature releases and LTS versions 7.7.1.0–8.3.0.15, 7.13.1.0–7.13.1.25, and 7.10.1.0–7.10.1.60 are affected by an Authentication Bypass by Spoofing vulnerability (CVE-2025-36594). The issue allows an unauthenticated attacker with remote access to bypass pro...
CVE-2025-30099
CVE-2025-30099 affects Dell PowerProtect Data Domain with DD OS (Feature Release 7.7.1.0–8.1.0.10; LTS2024 7.13.1.0–7.13.1.25; LTS 2023 7.10.1.0–7.10.1.50) and is due to an Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) in the DDSH CLI. A low-privilege, l...
CVE-2026-26944
Dell PowerProtect Data Domain (versions 7.7.1.0–8.6; LTS2025 8.3.1.0–8.3.1.20; LTS2024 7.13.1.0–7.13.1.60) contains a missing authentication for a critical function vulnerability. An unauthenticated attacker with remote access could exploit it to achieve arbitrary command execution with root priv...
CVE-2025-30096
Summary (CVE-2025-30096): Dell PowerProtect Data Domain on DD OS is affected by an OS Command Injection in the DDSH CLI. A high-privileged attacker with local access could run arbitrary commands as root. Affected DD OS versions include: Feature Release 7.7.1.0–8.1.0.10; LTS2024 7.13.1.0–7.13.1.25;...
CVE-2025-30097
Dell PowerProtect Data Domain running DD OS (Feature Release 7.7.1.0–8.1.0.10; LTS2024 7.13.1.0–7.13.1.25; LTS2023 7.10.1.0–7.10.1.50) is affected by an OS Command Injection in the DDSH CLI. The root cause is improper neutralization of special elements in commands, enabling a high-privileged, loc...
CVE-2025-36566
Dell PowerProtect Data Domain running DD OS Feature Release versions 7.7.1.0–8.1.0.10, LTS2024 7.13.1.0–7.13.1.25, and LTS2023 7.10.1.0–7.10.1.50 contains an OS Command Injection due to improper neutralization of special elements. A high-privilege, local attacker could execute arbitrary commands ...
CVE-2025-36569
Dell PowerProtect Data Domain with DD OS is affected by OS Command Injection in Feature Release 7.7.1.0–8.1.0.10, 7.13.1.0–7.13.1.25, and 7.10.1.0–7.10.1.50. The issue arises from improper neutralization of special elements in OS commands, allowing a high-privileged, local attacker to execute arb...
CVE-2026-26354
Dell PowerProtect Data Domain with DD OS Feature Release versions 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.10, and LTS2024 7.13.1.0–7.13.1.60 contains a stack-based Buffer Overflow vulnerability. An unauthenticated, remote attacker could potentially exploit this to achieve arbitrary command execution. ...
CVE-2025-43727
Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0–8.1.0.10, 7.13.1.0–7.13.1.25, and 7.10.1.0–7.10.1.50 contain an incorrect implementation of the RestAPI authentication algorithm, enabling an unauthenticated remote attacker to gain unauthorized access. No exploitation details are provided in...
CVE-2025-43908
Dell PowerProtect Data Domain (DD OS) is affected by an OS Command Injection vulnerability in Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60. The issue arises from improper neutralization of special elements in OS commands, potentiall...
CVE-2025-45375
Dell PowerProtect Data Domain and the Data Domain Operating System (DD OS) Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60 contain a stack-based buffer overflow. A high-privilege user with local access could exploit this to cause a Den...
CVE-2026-23853
Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.50 contains a weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this to gain unauthorized access to the system. The ...
CVE-2026-26942
Dell PowerProtect Data Domain versions 8.5–8.6 are affected by CVE-2026-26942, an OS command injection vulnerability caused by improper neutralization of special elements. The issue could allow a high-privileged attacker with remote access to execute arbitrary commands with root privileges. Affec...
CVE-2025-36565
Dell PowerProtect Data Domain running DD OS on Feature Release 7.7.1.0–8.1.0.10, LTS2024 7.13.1.0–7.13.1.25, and LTS 2023 7.10.1.0–7.10.1.50 is affected by an Improper Neutralization of Argument Delimiters (Argument Injection) vulnerability. A local attacker with high privileges could exploit thi...
CVE-2025-36567
Dell PowerProtect Data Domain (DD OS) is affected by an OS Command Injection vulnerability due to improper neutralization of special elements in commands. A high-privilege local attacker could execute arbitrary commands and potentially escalate to root on DD OS Feature Release 7.7.1.0–8.1.0.10, L...
CVE-2025-43905
CVE-2025-43905 affects Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60. The issue is an Improper Neutralization of Argument Delimiters in a Command (Argument Injection) which could allow a lo...
CVE-2025-43910
Dell PowerProtect Data Domain products running DD OS Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS 2023 7.10.1.0–7.10.1.60 contain a Stack-based Buffer Overflow in the DDSH CLI. The vulnerability allows a high-privileged, local attacker to trigger a Denial...
CVE-2025-43911
Dell PowerProtect Data Domain (DD OS) feature releases and LTS lines are affected by an OS command injection vulnerability in multiple versions, caused by improper neutralization of special elements in OS commands. A high-privilege attacker with local access could achieve arbitrary command execut...
CVE-2025-43914
Dell PowerProtect Data Domain BoostFS for Linux is affected on multiple releases (Ubuntu Feature Releases 7.7.1.0–8.3.0.15; LTS 2025: 8.3.1.0; LTS 2024: 7.13.1.0–7.13.1.30; LTS 2023: 7.10.1.0–7.10.1.60). Issue: Incorrect Privilege Allocation allowing a local, low-privilege attacker to achieve una...
CVE-2025-46645
Dell PowerProtect Data Domain with DD OS is affected by OS Command Injection due to improper neutralization of special elements. A high-privilege attacker with remote access could execute commands, potentially impacting confidentiality, integrity, and availability as described. Affected releases ...
CVE-2026-23777
Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, LTS2024 7.13.1.0–7.13.1.50 has an information exposure vulnerability. A low-privileged attacker with remote access could potentially exploit this to access sensitive data. The CVSS 3.1 base score is...
CVE-2026-24505
CVE-2026-24505 affects Dell PowerProtect Data Domain, versions 8.5 through 8.6. The vulnerability stems from improper input validation, potentially allowing a high-privileged attacker with remote access to execute arbitrary commands with root privileges. The available documents do not provide add...
CVE-2026-24506
Summary (CVE-2026-24506): Dell PowerProtect Data Domain affected releases include 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. The issue is an OS command injection in the system that could allow a high-privileged, remote attacker to execute arbitrary commands as root. Th...
CVE-2025-43909
Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60 contain a vulnerability in the DD boost component due to use of a broken or risky cryptographic algorithm. An unauthenticated, remote attacker could exploit...
CVE-2025-43912
Dell PowerProtect Data Domain and DD OS versions are affected by a heap-based buffer overflow vulnerability. Affected releases include Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS 2023 7.10.1.0–7.10.1.60. The issue can be triggered by an unauthenticated, ...
CVE-2025-43913
Dell PowerProtect Data Domain (DD OS) feature releases 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS 2023 7.10.1.0–7.10.1.60 contain a vulnerability described as Use of a Broken or Risky Cryptographic Algorithm. An unauthenticated, remote attacker could potentially cause ...
CVE-2025-46644
Dell PowerProtect Data Domain (DD OS) affected ranges: Feature Release 7.7.1.0–8.4.0.0, LTS2025 8.3.1.10, LTS2024 7.13.1.0–7.13.1.40, LTS2023 7.10.1.0–7.10.1.70. Description: OS Command Injection vulnerability due to improper neutralization of special elements in commands. Impact: a highly privil...
CVE-2025-46676
Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0–8.4.0.0; LTS2025 8.3.1.10; LTS2024 7.13.1.0–7.13.1.40; LTS2023 7.10.1.0–7.10.1.70 contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high-privilege attacker with remote access could disclose information. Re...
CVE-2025-43890
Dell PowerProtect Data Domain with DD OS feature releases from 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60 contains an OS command injection vulnerability (Improper Neutralization of Special Elements used in an OS Command). A high-privilege local a...
CVE-2025-43906
Dell PowerProtect Data Domain (DD OS) affected releases include 7.7.1.0–8.3.0.15, 8.3.1.0 (DD OS LTS2025), 7.13.1.0–7.13.1.30 (LTS2024), and 7.10.1.0–7.10.1.60 (LTS2023). The issue is an Improper Neutralization of Special Elements used in OS Commands (OS Command Injection) that could allow a high...
CVE-2025-43907
CVE-2025-43907 affects Dell PowerProtect Data Domain with DD OS feature releases 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60. Description from PT-2025-41149 confirms a Path Traversal issue where the sequence '.../...//' can be exploited by a remot...