99 matches found
CVE-2025-29987
Dell PowerProtect Data Domain with DD OS prior to 8.3.0.15 is affected by an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could execute arbitrary commands with root privileges due to limited access-control granularity. The PT-2025-14...
CVE-2025-22475
The CVE-2025-22475 entry describes a vulnerability in Dell PowerProtect DD where, in versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10, a use of a cryptographic primitive with a risky implementation could allow a remote attacker to tamper information. A Dell security update (DSA-2025-022) ...
CVE-2024-29174
Dell Data Domain is affected by CVE-2024-29174 with SQL Injection in software versions prior to 7.13.0.0, and LTS releases 7.7.5.30 and 7.10.1.20. The vulnerability could allow a local, low-privilege attacker to execute SQL commands on the backend database and gain unauthorized access to applicat...
CVE-2024-53295
Dell PowerProtect DD (Dell’s data protection solution) is affected by an improper access control vulnerability (CVE-2024-53295) that could allow a local, low-privilege attacker to escalate privileges. Affected versions are prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20. The NVD entry documents a LOCA...
CVE-2024-51534
Dell PowerProtect DD vulnerable versions before DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 are affected by a path traversal flaw that could allow a local low-privileged attacker to overwrite OS files on the server filesystem, potentially causing denial of service. The concern is supported by multiple...
CVE-2024-53296
CVE-2024-53296 affects Dell PowerProtect DD (Data Domain) with a stack-based buffer overflow in the RestAPI. Public details indicate vulnerable versions include Dell PowerProtect DD prior to 7.10.1.50 and 7.13.1.20 (per NVD description), with a similar CVE entry noting earlier releases such as 7....
CVE-2024-29175
CVE-2024-29175 concerns Dell PowerProtect Data Domain. The affected products are Dell PowerProtect Data Domain versions prior to 7.13.0.0, LTS 7.7.5.40, and LTS 7.10.1.30, where a weak cryptographic algorithm vulnerability could enable a remote, unauthenticated attacker to perform a man-in-the-mi...
CVE-2024-45759
Summary of CVE-2024-45759 (Dell PowerProtect Data Domain) : A local, low-privileged attacker could exploit an escalation of privilege vulnerability to execute commands that overwrite the application’s system configuration, potentially causing a denial of service. Affected products are Dell PowerP...
CVE-2024-48010
Dell PowerProtect DD is affected by an access control vulnerability prior to these versions: • 8.1.0.0 (and earlier listed) and specifically 7.13.1.10, 7.10.1.40, and 7.7.5.50. A remote, high-privileged attacker could potentially escalate privileges in the application. Remediation: update to 8.1....
CVE-2024-48011
Dell PowerProtect DD (hardware appliances) is affected in versions prior to 7.7.5.50 by an Information Disclosure vulnerability that could be exploited by a low-privilege attacker with remote access to obtain sensitive information. The initial documents do not specify the exact root cause or vuln...
CVE-2024-29176
CVE-2024-29176 affects Dell PowerProtect DD prior to a fixed release. Dell PowerProtect DD versions 8.0, 7.13.1.0, 7.10.1.30, and 7.7.5.40 are vulnerable to an Out-of-bounds Write that could enable code execution by a low-privilege, remote attacker. The issue is caused by an out-of-bounds write i...
CVE-2024-37138
CVE-2024-37138 affects Dell PowerProtect DD (DDMC) prior to version 8.0 and LTS releases 7.13.1.0, 7.10.1.30, 7.7.5.40. The flaw is a relative path traversal in the management path that could allow a remote high-privileged attacker to cause the application to send an unauthorized file to the mana...
CVE-2024-37141
Dell PowerProtect DD is affected by an open redirect vulnerability affecting versions prior to 8.0 and the LTS trains 7.13.1.0, 7.10.1.30, and 7.7.5.40. A remote, low-privilege attacker could cause information disclosure. The public documents specify fixes: upgrade to 8.0 or later, and apply fixe...
CVE-2024-37140
Dell PowerProtect DD is affected: OS command injection in an admin operation present in versions prior to 8.0 and in LTS 7.13.1.0, 7.10.1.30, and 7.7.5.40. The underlying issue enables a remote low-privilege attacker to run arbitrary OS commands with the vulnerable application’s privileges, poten...
CVE-2024-37139
CVE-2024-37139 affects Dell PowerProtect DD before 8.0 and certain LTS branches (7.13.1.0.7.10.1.30, 7.7.5.40) with an improper control of a resource through its lifetime in an admin operation. This could allow a remote, low-privilege attacker to cause temporary resource constraint in a system ap...
CVE-2024-29177
CVE-2024-29177 affects Dell PowerProtect DD prior to 8.0 and the LTS branches 7.13.1.0, 7.10.1.30, and 7.7.5.40. The issue is described as a disclosure of temporary sensitive information that could be exploited by a remote high-privilege attacker to reuse disclosed data to gain unauthorized acces...
CVE-2024-29173
Dell PowerProtect DD (before 8.0 and the listed LTS branches: 7.13.1.0, 7.10.1.30, 7.7.5.40) contains a Server-Side Request Forgery (SSRF) vulnerability. A remote, high-privilege attacker could potentially disclose information on the application or remote client. The provided documents confirm th...
CVE-2024-28973
Technical details beyond the generic description are not provided in the supplied documents. Monitor for updates from Dell and CVE List references.
CVE-2026-53478
Summary: CVE-2026-53478 affects Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026: 8.6.1.0–8.6.1.10; LTS2025: 8.3.1.0–8.3.1.30; LTS2024: 7.13.1.0–7.13.1.70) and is caused by improper neutralization of special elements used in an OS command (OS command injection). A high-privilege attac...
CVE-2025-36594
Dell PowerProtect Data Domain (DD OS) feature releases and LTS versions 7.7.1.0–8.3.0.15, 7.13.1.0–7.13.1.25, and 7.10.1.0–7.10.1.60 are affected by an Authentication Bypass by Spoofing vulnerability (CVE-2025-36594). The issue allows an unauthenticated, remotely accessible attacker to bypass pro...
CVE-2025-30098
Dell PowerProtect Data Domain (DD OS) is affected by CVE-2025-30098: an Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in the DDSH CLI. A high-privilege attacker with local access could exploit this to execute arbitrary commands with root pr...
CVE-2026-49815
Summary: Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an OS command injection vulnerability due to improper neutralization of special elements in OS commands. A high-privileged attacker with remote ac...
CVE-2026-23853
Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.50 contains a weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this to gain unauthorized access to the system. The ...
CVE-2026-46468
CVE-2026-46468 affects Dell PowerProtect Data Domain: affected versions include 7.7.1.0–8.7, and specific LTS2024/2025/2026 ranges. The issue is an improper link resolution before file access (link following) that can be exploited by a high-privilege, local attacker to cause information exposure....
CVE-2026-24505
CVE-2026-24505 affects Dell PowerProtect Data Domain, versions 8.5 through 8.6. The vulnerability stems from improper input validation, potentially allowing a high-privileged attacker with remote access to execute arbitrary commands with root privileges. The available documents do not provide add...
CVE-2026-49814
CVE-2026-49814 affects Dell PowerProtect Data Domain, including versions 7.7.1.0–8.7 and several LTS releases (8.6.1.0–8.6.1.10, 8.3.1.0–8.3.1.30, 7.13.1.0–7.13.1.70). The vulnerability is an OS Command Injection due to improper neutralization of special elements, allowing a high-privilege, remot...
CVE-2026-24506
Summary (CVE-2026-24506): Dell PowerProtect Data Domain affected releases include 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. The issue is an OS command injection in the system that could allow a high-privileged, remote attacker to execute arbitrary commands as root. Th...
CVE-2026-26944
Dell PowerProtect Data Domain (versions 7.7.1.0–8.6; LTS2025 8.3.1.0–8.3.1.20; LTS2024 7.13.1.0–7.13.1.60) contains a missing authentication for a critical function vulnerability. An unauthenticated attacker with remote access could exploit it to achieve arbitrary command execution with root priv...
CVE-2026-23777
Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, LTS2024 7.13.1.0–7.13.1.50 has an information exposure vulnerability. A low-privileged attacker with remote access could potentially exploit this to access sensitive data. The CVSS 3.1 base score is...
CVE-2026-26942
Dell PowerProtect Data Domain versions 8.5–8.6 are affected by CVE-2026-26942, an OS command injection vulnerability caused by improper neutralization of special elements. The issue could allow a high-privileged attacker with remote access to execute arbitrary commands with root privileges. Affec...
CVE-2026-49813
Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) by an OS command injection vulnerability due to improper neutralization of special elements in commands. The issue can enable arbitrary command executio...
CVE-2025-30096
Summary (CVE-2025-30096) Dell PowerProtect Data Domain on DD OS is affected by an OS Command Injection in the DDSH CLI. A high-privileged attacker with local access could run arbitrary commands as root. Affected DD OS versions include: Feature Release 7.7.1.0–8.1.0.10; LTS2024 7.13.1.0–7.13.1.25;...
CVE-2025-30097
Dell PowerProtect Data Domain running DD OS (Feature Release 7.7.1.0–8.1.0.10; LTS2024 7.13.1.0–7.13.1.25; LTS2023 7.10.1.0–7.10.1.50) is affected by an OS Command Injection in the DDSH CLI. The root cause is improper neutralization of special elements in commands, enabling a high-privileged, loc...
CVE-2025-30099
CVE-2025-30099 affects Dell PowerProtect Data Domain with DD OS (Feature Release 7.7.1.0–8.1.0.10; LTS2024 7.13.1.0–7.13.1.25; LTS 2023 7.10.1.0–7.10.1.50) and is due to an Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) in the DDSH CLI. A low-privilege, l...
CVE-2026-35073
Dell PowerProtect Data Domain vulnerable in versions 7.7.1.0–8.7.0.0, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60 due to improper neutralization of special elements used in an OS command injection vulnerability. A high-privilege attacker with local access could potentially execute ar...
CVE-2026-26354
Dell PowerProtect Data Domain with DD OS Feature Release versions 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.10, and LTS2024 7.13.1.0–7.13.1.60 contains a stack-based Buffer Overflow vulnerability. An unauthenticated, remote attacker could potentially exploit this to achieve arbitrary command execution. ...
CVE-2026-35154
Dell PowerProtect Data Domain appliances (versions 7.7.1.0–8.7.0.0; LTS2025 8.3.1.0–8.3.1.20; LTS2024 7.13.1.0–7.13.1.60) contain an improper privilege management vulnerability in IDRAC. The issue could allow a highly privileged, local attacker to elevate privileges and perform unauthorized delet...
CVE-2026-23776
CVE-2026-23776 affects Dell PowerProtect Data Domain with DD OS Feature Release versions 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. It reports an Improper Certificate Validation vulnerability in certificate-based login, enabling a remote attacker with network access an...
CVE-2026-35153
Dell PowerProtect Data Domain: Affected versions 7.7.1.0–8.7.0.0, LTS2025 8.3.1.0–8.3.1.20, LTS2024 7.13.1.0–7.13.1.60 contain an improper neutralization of argument delimiters in a command (argument injection) vulnerability. A high‑privileged attacker with local access could potentially trigger ...
CVE-2026-54483
CVE-2026-54483 affects Dell PowerProtect Data Domain: versions 7.7.1.0–8.6, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70. The vulnerability is described as OS command injection caused by improper neutralization of special elements in certain OS commands. A hi...
CVE-2025-43905
CVE-2025-43905 affects Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60. The issue is an Improper Neutralization of Argument Delimiters in a Command (Argument Injection) which could allow a lo...
CVE-2025-46641
CVE-2025-46641 affects Dell PowerProtect Data Domain running DD OS Feature Release 8.4–8.5 . The issue is an improper authentication vulnerability that could allow a high-privileged attacker with remote access to achieve unauthorized access. The NVD/NVD-derived data show a network-based attack ve...
CVE-2026-26943
Summary: CVE-2026-26943 affects Dell PowerProtect Data Domain (versions 7.7.1.0–8.6; LTS2025 8.3.1.0–8.3.1.20; LTS2024 7.13.1.0–7.13.1.60). The vulnerability is described as an OS command injection that could allow a high-privilege, remotely authenticated attacker to execute arbitrary commands wi...
CVE-2026-53483
Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) by an improper authentication vulnerability. An unauthenticated attacker with remote access could exploit this to gain unauthorized access and take comp...
CVE-2025-36566
Dell PowerProtect Data Domain running DD OS Feature Release versions 7.7.1.0–8.1.0.10, LTS2024 7.13.1.0–7.13.1.25, and LTS2023 7.10.1.0–7.10.1.50 contains an OS Command Injection due to improper neutralization of special elements. A high-privilege, local attacker could execute arbitrary commands ...
CVE-2025-43727
Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0–8.1.0.10, 7.13.1.0–7.13.1.25, and 7.10.1.0–7.10.1.50 contain an incorrect implementation of the RestAPI authentication algorithm, enabling an unauthenticated remote attacker to gain unauthorized access. No exploitation details are provided in...
CVE-2025-43913
Dell PowerProtect Data Domain (DD OS) feature releases 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS 2023 7.10.1.0–7.10.1.60 contain a vulnerability described as Use of a Broken or Risky Cryptographic Algorithm. An unauthenticated, remote attacker could potentially cause ...
CVE-2025-45375
Dell PowerProtect Data Domain and the Data Domain Operating System (DD OS) Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60 contain a stack-based buffer overflow. A high-privilege user with local access could exploit this to cause a Den...
CVE-2026-28263
CVE-2026-28263 affects Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.50. It describes a cross-site scripting vulnerability that could be exploited by a high-privilege attacker with remote access, leading to script in...
CVE-2026-35074
CVE-2026-35074 affects Dell PowerProtect Data Domain products: 7.7.1.0–8.7.0.0, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. The issue is an improper neutralization of special elements used in an OS command injection vulnerability, enabling a high-privilege local attacker to execute ...