12 matches found
CVE-2017-4983
CVE-2017-4983 affects EMC Data Domain OS 5.2–5.7 (before 5.7.3.0) and 6.0 (before 6.0.1.0). The issue is described as a privilege-escalation vulnerability that could allow a local attacker to compromise the affected system. The connected sources confirm the affected versions and the potential imp...
CVE-2023-23692
CVE-2023-23692 affects Dell PowerProtect Data Domain (DDOS) prior to version 7.9, where an OS command injection vulnerability could allow an authenticated non-admin attacker to run arbitrary OS commands on the underlying system with the vulnerable app’s privileges. The available sources confirm t...
CVE-2016-8216
EMC Data Domain OS (DD OS) exposes a local command injection vulnerability tracked as CVE-2016-8216. Affected are DD OS 5.4 across all versions, 5.5 family prior to 5.5.5.0, 5.6 family prior to 5.6.2.0, and 5.7 family prior to 5.7.2.10. The issue allows a local attacker to bypass the Data Domain ...
CVE-2016-0912
The CVE affects EMC Data Domain OS 5.4–5.7 prior to 5.7.2.0. A remote authenticated attacker can bypass password-change restrictions by: (1) accessing another account with the same role as the target, or (2) using an active session on an unattended workstation. Root cause is improper enforcement ...
CVE-2016-0911
CVE-2016-0911 affects EMC Data Domain OS 5.4–5.7 prior to 5.7.2.0. The issue is a default no_root_squash setting on NFS exports that can let a client with root privileges access the filesystem, potentially elevating privileges. Affected component: NFS export configuration; underlying cause: defau...
CVE-2023-44285
Dell PowerProtect DD is affected by an improper access control vulnerability that enables local privilege escalation by a low-privilege user. Affected software includes PowerProtect DD versions prior to 7.13.0.10, LTS releases prior to 7.7.5.25 and 7.10.1.15, and the 6.2.1.110 baseline. The issue...
CVE-2023-44277
Dell PowerProtect DD contains an OS command injection vulnerability in the CLI. A local, low-privileged attacker could execute arbitrary OS commands on the underlying OS with the vulnerable service’s privileges, potentially leading to a full system takeover. Affected versions include prior to 7.1...
CVE-2023-44279
Dell PowerProtect DD is affected by an OS command injection in the administrator CLI. The vulnerability impacts DD versions prior to 7.13.0.10, LTS versions prior to 7.7.5.25 and 7.10.1.15, and version 6.2.1.110. The underlying issue is the failure to properly filter construct command characters,...
CVE-2023-44286
Dell PowerProtect DD is affected by a DOM-based Cross-Site Scripting vulnerability (CVE-2023-44286) in multiple versions: pre-7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, and 6.2.1.110. The root cause is a DOM-based XSS that allows a remote unauthenticated attacker to inject malicious HTML/JavaScript ...
CVE-2023-44284
Dell PowerProtect DD is affected by an SQL injection in versions prior to 7.13.0.10, with LTS 7.7.5.25, LTS 7.10.1.15, and 6.2.1.110 also impacted. The issue allows a remote, low-privilege attacker to cause the execution of SQL commands on the backend database, resulting in unauthorized read acce...
CVE-2023-48667
Dell PowerProtect DD is affected by an OS command injection vulnerability in the administrator CLI. A remote high-privilege attacker could execute arbitrary OS commands on the underlying OS, potentially taking over the system. Affected versions include pre-7.13.0.10, LTS pre-7.7.5.25, LTS pre-7.1...
CVE-2023-44278
Dell PowerProtect DD is affected by a path traversal vulnerability (CVE-2023-44278) affecting versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, and 6.2.1.110. The root cause is a path traversal flaw that could allow a local, highly privileged attacker to read and write OS files on the ser...