99 matches found
CVE-2025-29987
Dell PowerProtect Data Domain with DD OS prior to 8.3.0.15 is affected by an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could execute arbitrary commands with root privileges due to limited access-control granularity. The PT-2025-14...
CVE-2025-22475
The CVE-2025-22475 entry describes a vulnerability in Dell PowerProtect DD where, in versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10, a use of a cryptographic primitive with a risky implementation could allow a remote attacker to tamper information. A Dell security update (DSA-2025-022) ...
CVE-2024-29174
Dell Data Domain is affected by CVE-2024-29174 with SQL Injection in software versions prior to 7.13.0.0, and LTS releases 7.7.5.30 and 7.10.1.20. The vulnerability could allow a local, low-privilege attacker to execute SQL commands on the backend database and gain unauthorized access to applicat...
CVE-2024-53295
Dell PowerProtect DD (Dell’s data protection solution) is affected by an improper access control vulnerability (CVE-2024-53295) that could allow a local, low-privilege attacker to escalate privileges. Affected versions are prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20. The NVD entry documents a LOCA...
CVE-2024-53296
CVE-2024-53296 affects Dell PowerProtect DD (Data Domain) with a stack-based buffer overflow in the RestAPI. Public details indicate vulnerable versions include Dell PowerProtect DD prior to 7.10.1.50 and 7.13.1.20 (per NVD description), with a similar CVE entry noting earlier releases such as 7....
CVE-2024-29175
CVE-2024-29175 concerns Dell PowerProtect Data Domain. The affected products are Dell PowerProtect Data Domain versions prior to 7.13.0.0, LTS 7.7.5.40, and LTS 7.10.1.30, where a weak cryptographic algorithm vulnerability could enable a remote, unauthenticated attacker to perform a man-in-the-mi...
CVE-2024-45759
Summary of CVE-2024-45759 (Dell PowerProtect Data Domain) : A local, low-privileged attacker could exploit an escalation of privilege vulnerability to execute commands that overwrite the application’s system configuration, potentially causing a denial of service. Affected products are Dell PowerP...
CVE-2024-48010
Dell PowerProtect DD is affected by an access control vulnerability prior to these versions: • 8.1.0.0 (and earlier listed) and specifically 7.13.1.10, 7.10.1.40, and 7.7.5.50. A remote, high-privileged attacker could potentially escalate privileges in the application. Remediation: update to 8.1....
CVE-2024-51534
Dell PowerProtect DD vulnerable versions before DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 are affected by a path traversal flaw that could allow a local low-privileged attacker to overwrite OS files on the server filesystem, potentially causing denial of service. The concern is supported by multiple...
CVE-2024-48011
Dell PowerProtect DD (hardware appliances) is affected in versions prior to 7.7.5.50 by an Information Disclosure vulnerability that could be exploited by a low-privilege attacker with remote access to obtain sensitive information. The initial documents do not specify the exact root cause or vuln...
CVE-2024-29176
CVE-2024-29176 affects Dell PowerProtect DD prior to a fixed release. Dell PowerProtect DD versions 8.0, 7.13.1.0, 7.10.1.30, and 7.7.5.40 are vulnerable to an Out-of-bounds Write that could enable code execution by a low-privilege, remote attacker. The issue is caused by an out-of-bounds write i...
CVE-2024-37138
CVE-2024-37138 affects Dell PowerProtect DD (DDMC) prior to version 8.0 and LTS releases 7.13.1.0, 7.10.1.30, 7.7.5.40. The flaw is a relative path traversal in the management path that could allow a remote high-privileged attacker to cause the application to send an unauthorized file to the mana...
CVE-2024-37140
Dell PowerProtect DD is affected: OS command injection in an admin operation present in versions prior to 8.0 and in LTS 7.13.1.0, 7.10.1.30, and 7.7.5.40. The underlying issue enables a remote low-privilege attacker to run arbitrary OS commands with the vulnerable application’s privileges, poten...
CVE-2024-37141
Dell PowerProtect DD is affected by an open redirect vulnerability affecting versions prior to 8.0 and the LTS trains 7.13.1.0, 7.10.1.30, and 7.7.5.40. A remote, low-privilege attacker could cause information disclosure. The public documents specify fixes: upgrade to 8.0 or later, and apply fixe...
CVE-2024-37139
CVE-2024-37139 affects Dell PowerProtect DD before 8.0 and certain LTS branches (7.13.1.0.7.10.1.30, 7.7.5.40) with an improper control of a resource through its lifetime in an admin operation. This could allow a remote, low-privilege attacker to cause temporary resource constraint in a system ap...
CVE-2024-29177
CVE-2024-29177 affects Dell PowerProtect DD prior to 8.0 and the LTS branches 7.13.1.0, 7.10.1.30, and 7.7.5.40. The issue is described as a disclosure of temporary sensitive information that could be exploited by a remote high-privilege attacker to reuse disclosed data to gain unauthorized acces...
CVE-2024-29173
Dell PowerProtect DD (before 8.0 and the listed LTS branches: 7.13.1.0, 7.10.1.30, 7.7.5.40) contains a Server-Side Request Forgery (SSRF) vulnerability. A remote, high-privilege attacker could potentially disclose information on the application or remote client. The provided documents confirm th...
CVE-2024-28973
Technical details beyond the generic description are not provided in the supplied documents. Monitor for updates from Dell and CVE List references.
CVE-2026-53478
Summary: CVE-2026-53478 affects Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026: 8.6.1.0–8.6.1.10; LTS2025: 8.3.1.0–8.3.1.30; LTS2024: 7.13.1.0–7.13.1.70) and is caused by improper neutralization of special elements used in an OS command (OS command injection). A high-privilege attac...
CVE-2026-46468
CVE-2026-46468 affects Dell PowerProtect Data Domain: affected versions include 7.7.1.0–8.7, and specific LTS2024/2025/2026 ranges. The issue is an improper link resolution before file access (link following) that can be exploited by a high-privilege, local attacker to cause information exposure....
CVE-2026-49815
Summary: Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an OS command injection vulnerability due to improper neutralization of special elements in OS commands. A high-privileged attacker with remote ac...
CVE-2025-36594
Dell PowerProtect Data Domain (DD OS) feature releases and LTS versions 7.7.1.0–8.3.0.15, 7.13.1.0–7.13.1.25, and 7.10.1.0–7.10.1.60 are affected by an Authentication Bypass by Spoofing vulnerability (CVE-2025-36594). The issue allows an unauthenticated, remotely accessible attacker to bypass pro...
CVE-2025-30098
Dell PowerProtect Data Domain (DD OS) is affected by CVE-2025-30098: an Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in the DDSH CLI. A high-privilege attacker with local access could exploit this to execute arbitrary commands with root pr...
CVE-2026-46464
Dell PowerProtect Data Domain contains an improper link resolution before file access vulnerability (CVE-2026-46464) affecting 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70. A high‑privileged, remote attacker could cause information disclosure. Th...
CVE-2026-23853
Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.50 contains a weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this to gain unauthorized access to the system. The ...
CVE-2026-49813
Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) by an OS command injection vulnerability due to improper neutralization of special elements in commands. The issue can enable arbitrary command executio...
CVE-2026-26944
Dell PowerProtect Data Domain (versions 7.7.1.0–8.6; LTS2025 8.3.1.0–8.3.1.20; LTS2024 7.13.1.0–7.13.1.60) contains a missing authentication for a critical function vulnerability. An unauthenticated attacker with remote access could exploit it to achieve arbitrary command execution with root priv...
CVE-2026-49814
CVE-2026-49814 affects Dell PowerProtect Data Domain, including versions 7.7.1.0–8.7 and several LTS releases (8.6.1.0–8.6.1.10, 8.3.1.0–8.3.1.30, 7.13.1.0–7.13.1.70). The vulnerability is an OS Command Injection due to improper neutralization of special elements, allowing a high-privilege, remot...
CVE-2026-54483
CVE-2026-54483 affects Dell PowerProtect Data Domain: versions 7.7.1.0–8.6, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70. The vulnerability is described as OS command injection caused by improper neutralization of special elements in certain OS commands. A hi...
CVE-2026-41124
CVE-2026-41124 affects Dell PowerProtect Data Domain: 7.7.1.0–8.6, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70. The vulnerability is an Improper limitation of a pathname to a restricted directory (path traversal) that could enable a high-privilege, local att...
CVE-2025-30099
CVE-2025-30099 affects Dell PowerProtect Data Domain with DD OS (Feature Release 7.7.1.0–8.1.0.10; LTS2024 7.13.1.0–7.13.1.25; LTS 2023 7.10.1.0–7.10.1.50) and is due to an Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) in the DDSH CLI. A low-privilege, l...
CVE-2026-24506
Summary (CVE-2026-24506): Dell PowerProtect Data Domain affected releases include 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. The issue is an OS command injection in the system that could allow a high-privileged, remote attacker to execute arbitrary commands as root. Th...
CVE-2026-26942
Dell PowerProtect Data Domain versions 8.5–8.6 are affected by CVE-2026-26942, an OS command injection vulnerability caused by improper neutralization of special elements. The issue could allow a high-privileged attacker with remote access to execute arbitrary commands with root privileges. Affec...
CVE-2026-35154
Dell PowerProtect Data Domain appliances (versions 7.7.1.0–8.7.0.0; LTS2025 8.3.1.0–8.3.1.20; LTS2024 7.13.1.0–7.13.1.60) contain an improper privilege management vulnerability in IDRAC. The issue could allow a highly privileged, local attacker to elevate privileges and perform unauthorized delet...
CVE-2026-46465
Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an externally-controlled format string vulnerability. A high-privilege attacker with remote access could exploit this over the network, potentially...
CVE-2026-23777
Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, LTS2024 7.13.1.0–7.13.1.50 has an information exposure vulnerability. A low-privileged attacker with remote access could potentially exploit this to access sensitive data. The CVSS 3.1 base score is...
CVE-2026-24505
CVE-2026-24505 affects Dell PowerProtect Data Domain, versions 8.5 through 8.6. The vulnerability stems from improper input validation, potentially allowing a high-privileged attacker with remote access to execute arbitrary commands with root privileges. The available documents do not provide add...
CVE-2026-44269
CVE-2026-44269 affects Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) and is due to an improper link resolution before file access (link following). A high-privilege attacker with local access could pote...
CVE-2026-46730
CVE-2026-46730 affects Dell PowerProtect Data Domain: versions 7.7.1.0 through 8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain an incorrect authorization vulnerability . A high-privileged attacker with local access could potentially exploit this to ...
CVE-2025-30097
Dell PowerProtect Data Domain running DD OS (Feature Release 7.7.1.0–8.1.0.10; LTS2024 7.13.1.0–7.13.1.25; LTS2023 7.10.1.0–7.10.1.50) is affected by an OS Command Injection in the DDSH CLI. The root cause is improper neutralization of special elements in commands, enabling a high-privileged, loc...
CVE-2026-35073
Dell PowerProtect Data Domain vulnerable in versions 7.7.1.0–8.7.0.0, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60 due to improper neutralization of special elements used in an OS command injection vulnerability. A high-privilege attacker with local access could potentially execute ar...
CVE-2026-46466
CVE-2026-46466 affects Dell PowerProtect Data Domain: 7.7.1.0–8.7; LTS2026: 8.6.1.0–8.6.1.10; LTS2025: 8.3.1.0–8.3.1.30; LTS2024: 7.13.1.0–7.13.1.70. The issue is a use of less trusted source vulnerability that could be exploited by a high-privileged attacker with remote access to cause informati...
CVE-2026-46467
Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an insertion of sensitive information into log files. A low-privileged, local attacker could exploit this to cause information exposure. The CVE is documen...
CVE-2026-53483
Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) by an improper authentication vulnerability. An unauthenticated attacker with remote access could exploit this to gain unauthorized access and take comp...
CVE-2026-26354
Dell PowerProtect Data Domain with DD OS Feature Release versions 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.10, and LTS2024 7.13.1.0–7.13.1.60 contains a stack-based Buffer Overflow vulnerability. An unauthenticated, remote attacker could potentially exploit this to achieve arbitrary command execution. ...
CVE-2026-44268
Dell PowerProtect Data Domain (versions 7.7.1.0–8.6, plus LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contains an incorrect permission assignment for a critical resource vulnerability. A high-privileged attacker with local access could potentially exploit this ...
CVE-2026-46463
Dell PowerProtect Data Domain vulnerabilities (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contain an integer overflow/wraparound issue. An unauthenticated, remote attacker could potentially exploit this vulnerability to cause a denial of ...
CVE-2026-53481
Dell PowerProtect Data Domain is affected by a Path Traversal vulnerability (CVE-2026-53481) in versions 7.7.1.0–8.7, including LTS2026 (8.6.1.0–8.6.1.10), LTS2025 (8.3.1.0–8.3.1.30), and LTS2024 (7.13.1.0–7.13.1.70). An unauthenticated, remotely accessible attacker could exploit this to gain una...
CVE-2025-30096
Summary (CVE-2025-30096) Dell PowerProtect Data Domain on DD OS is affected by an OS Command Injection in the DDSH CLI. A high-privileged attacker with local access could run arbitrary commands as root. Affected DD OS versions include: Feature Release 7.7.1.0–8.1.0.10; LTS2024 7.13.1.0–7.13.1.25;...
CVE-2026-23776
CVE-2026-23776 affects Dell PowerProtect Data Domain with DD OS Feature Release versions 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. It reports an Improper Certificate Validation vulnerability in certificate-based login, enabling a remote attacker with network access an...