53 matches found
CVE-2025-22398
Dell Unity OS (version 5.4 and earlier) contains an OS Command Injection vulnerability that allows an unauthenticated attacker with remote access to execute arbitrary commands as root, potentially taking control of the system. Affected component is the OS command handling in Dell Unity software; ...
CVE-2025-24386
Dell Unity OS Command Injection (CVE-2025-24386) affects Dell Unity versions 5.4 and earlier. The issue is an improper neutralization of special elements in OS commands, enabling a low-privileged, locally authenticated attacker to execute arbitrary commands and escalate privileges. Connected advi...
CVE-2021-21547
Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 expose Unisphere Administrator credentials in plain text when the Dell Upgrade Readiness Utility runs. The vulnerability is local: a high-privilege attacker could use the exposed password to access the system with the compromi...
CVE-2022-29085
CVE-2022-29085 affects Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173. The issue is a plain-text password storage vulnerability in which credentials of a high-privilege user are stored in plain text when certain off-array tools run on the system. A local high-privile...
CVE-2022-29084
Dell Unity family (Dell Unity, Dell UnityVSA, Dell Unity XT) versions before 5.2.0.0.5.173 are affected. The issue is that Unisphere GUI does not limit excessive authentication attempts, enabling a remote unauthenticated attacker to brute-force passwords and potentially take over accounts. Affect...
CVE-2022-29091
Summary: CVE-2022-29091 affects Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173. A Reflected Cross-Site Scripting vulnerability exists in the Unisphere GUI, enabling an unauthenticated remote attacker to trigger execution of malicious HTML/JavaScript in the victim’s brow...
CVE-2025-24381
Dell Unity (Dell EMC) affected versions: 5.4 and prior. Issue: URL Redirection to an Untrusted Site (Open Redirect) that can be exploited by an unauthenticated attacker with remote access to redirect a targeted application user to arbitrary URLs. Potential impact per sources includes phishing to ...
CVE-2025-24379
Dell Unity OS Command Injection (CVE-2025-24379) affects Dell Unity versions 5.4 and earlier. The root cause is an Improper Neutralization of Special Elements used in an OS Command, enabling a low-privileged local attacker to achieve command execution and privilege elevation. The connected docume...
CVE-2025-24385
Summary of CVE-2025-24385 (Dell Unity OS command injection): Dell Unity versions 5.4 and prior are affected by an OS Command Injection vulnerability caused by improper neutralization of special elements in OS commands. A low-privileged attacker with local access could potentially exploit this to...
CVE-2025-24377
Dell Unity OS Command Injection (CVE-2025-24377) affects Dell Unity versions 5.4 and earlier. The root cause is Improper Neutralization of Special Elements used in an OS Command. A low-privileged attacker with local access could exploit this to achieve code execution and privilege escalation. The...
CVE-2025-23383
Dell Unity (Dell Unity OS) vulnerability CVE-2025-23383 affects Dell Unity versions 5.4 and earlier. The issue is an OS Command Injection caused by improper neutralization of special elements in command processing. Exploitation would require local, low-privilege access and could lead to command e...
CVE-2025-24380
Dell Unity OS Command Injection (CVE-2025-24380) affects Dell Unity 5.4 and earlier. The root cause is Improper Neutralization of Special Elements used in an OS Command. A low-privileged, locally authenticated attacker could execute arbitrary OS commands, leading to code execution and privilege ...
CVE-2025-24383
Dell Unity OS Command Injection (CVE-2025-24383) affects Dell Unity software 5.4 and earlier. An unauthenticated attacker with remote access can exploit an improper neutralization of special elements in OS commands to delete arbitrary files, including critical system files. Multiple sources (CV...
CVE-2023-43067
Dell Unity prior to 5.3 contains an XML External Entity (XXE) vulnerability that could disclose local filesystem files via an XXE attack. Affected product: Dell Unity storage environments; affected version range is prior to 5.3. Root cause: XXE in XML parsing. Impact stated in sources includes ex...
CVE-2024-22228
Dell Unity (prior to 5.4) contains an OS command injection in the svc_cifssupport utility. An authenticated, local attacker could escape the restricted shell and run arbitrary OS commands with root privileges. Affected software: Dell Unity versions prior to 5.4. Root cause: lack of safeguards to neut...
CVE-2024-0167
Dell Unity (unified hybrid storage array) is affected by CVE-2024-0167 prior to version 5.4. The vulnerability is an OS command injection in the svc_topstats utility that an authenticated, local attacker can exploit to overwrite arbitrary files on the filesystem with root privileges. Impact is hi...
CVE-2024-49565
Dell Unity is affected by CVE-2024-49565: versions 5.4 and earlier suffer an OS Command Injection due to improper neutralization of special elements. A low-privileged attacker with local access could potentially execute arbitrary OS commands and achieve privilege escalation. Multiple connected so...
CVE-2024-49563
Dell Unity is affected by CVE-2024-49563: OS Command Injection in Dell Unity versions 5.4 and earlier, permitting a local low-privilege attacker to run arbitrary OS commands with root privileges and elevate privileges. The PT-2025-13415 entry confirms affected versions and notes no information ab...
CVE-2024-22222
CVE-2024-22222 affects Dell Unity prior to 5.4. The vulnerability is an OS Command Injection in the svc_udoctor utility. An authenticated attacker with local access could run arbitrary commands on the underlying OS with the vulnerable application’s privileges, enabling high-impact access (as desc...
CVE-2025-24378
Summary: Dell Unity 5.4 and earlier are affected by an OS command injection vulnerability. The issue arises from improper neutralization of elements in OS commands, enabling a low-privileged, locally authenticated attacker to potentially achieve command execution and privilege escalation. Affecte...
CVE-2024-22224
CVE-2024-22224 affects Dell Unity prior to 5.4. The vulnerability is an OS command injection in the svc_nas utility that, if exploited by an authenticated, locally-present attacker, could escape the restricted shell and execute arbitrary OS commands with root privileges. Documented exploit detai...
CVE-2024-22223
Dell Unity (hardware/software line) is affected by CVE-2024-22223, a local OS command injection in the svc_cbr utility for versions prior to 5.4. An authenticated attacker with local access could execute arbitrary OS commands with the privileges of the vulnerable application. The vulnerability st...
CVE-2025-24382
CVE-2025-24382 (Dell Unity) affects Dell Unity versions 5.4 and earlier. The root cause is an improper neutralization of special elements used in OS commands (OS Command Injection) that allows an unauthenticated, remote attacker to execute arbitrary OS commands on the affected system. The practic...
CVE-2023-43066
Dell Unity CVE-2023-43066 affects versions prior to 5.3. This is a Restricted Shell Bypass vulnerability that an authenticated, local attacker can exploit by logging in to the device CLI and issuing certain commands. Impact is described as high for confidentiality, integrity, and availabili...
CVE-2024-0168
CVE-2024-0168 affects Dell Unity prior to 5.4, with a vulnerability in the svc_oscheck utility that allows an authenticated attacker to inject and execute OS commands with root privileges. The root cause is inadequate neutralization of input/command elements in the utility, resulting in a local c...
CVE-2024-22229
Dell Unity prior to version 5.4 is affected by a vulnerability that allows an authenticated attacker to spoof log messages, enabling forging of entries, false alarms, and injection of content into logs, potentially compromising log integrity. The attacker can also prevent logging during malicious...
CVE-2023-43065
Dell Unity prior to version 5.3 contains a cross-site scripting (XSS) vulnerability that can be exploited by a low-privileged authenticated attacker to escalate privileges. Affected product: Dell Unity. Root cause and technical details are not fully disclosed in the provided documents, but multip...
CVE-2024-22221
Dell Unity prior to version 5.4 contains a SQL Injection vulnerability in its operating environment (notably via the svc_cava utility) that can be exploited by an authenticated attacker to disclose sensitive information. The issue stems from insufficient protection of the SQL query structure, ena...
CVE-2023-43082
Dell Unity prior to 5.3 is affected by a man-in-the-middle vulnerability in the vmadapter component. An attacker who obtains a CA-signed certificate from a trusted CA could spoof the vCenter CA, enabling potential credential or trust abuses. Affected product/version: Dell Unity prior to 5.3; vuln...
CVE-2024-0166
Dell Unity contains an OS Command Injection in the svc_tcpdump utility for versions prior to 5.4. An authenticated, local attacker can exploit this to execute arbitrary OS commands with elevated privileges. The underlying issue is command parsing/input handling in svc_tcpdump, enabling command ex...
CVE-2024-49564
Dell Unity is affected by CVE-2024-49564: versions 5.4 and earlier suffer OS Command Injection due to improper neutralization of special elements. A local, low-privileged attacker could run arbitrary OS commands with root privileges, elevating access. No explicit fix version is provided across th...
CVE-2024-22227
Dell Unity is affected by an OS Command Injection vulnerability in the svc_dc utility for versions prior to 5.4. An authenticated, local attacker could execute commands with root privileges due to improper handling in the utility. Affected component: svc_dc (Dell Unity Operating Environment). Imp...
CVE-2024-49601
Dell Unity (version 5.4 and prior) is affected by an OS Command Injection vulnerability due to improper neutralization of special elements. An unauthenticated, remote attacker could potentially execute arbitrary commands. The connected PT-2025-13422 entry notes that, as of now, there is no inform...
CVE-2024-22226
Dell Unity prior to version 5.4 contains a path traversal vulnerability in the svc_supportassist utility. An authenticated attacker could exploit this to gain unauthorized write access to server filesystem with elevated privileges. Affected product/version: Dell Unity, before 5.4; Root cause: pat...
CVE-2023-43074
Dell Unity 5.3 is affected by an Arbitrary File Creation vulnerability. The root cause is a flaw that allows a remote unauthenticated attacker to craft arbitrary files via a request to the server, enabling potential file creation on the appliance. The issue is actionable with the information prov...
CVE-2024-0170
Dell Unity firmware vulnerability CVE-2024-0170 affects versions prior to 5.4. The root cause is an OS command injection in the svc_cava utility that could be exploited by an authenticated local attacker to escape the restricted shell and run arbitrary OS commands with root privileges. Impact is ...
CVE-2024-0165
Summary (CVE-2024-0165): Dell Unity before 5.4 contains an OS Command Injection in the svc_acldb_dump utility. An authenticated attacker could exploit this to execute arbitrary OS commands with root privileges. The vulnerability is documented across multiple sources (CNVD/CNNVD/PT security notes,...
CVE-2024-0169
Dell Unity prior to v5.4 contains an input handling flaw in web page generation that enables cross-site scripting (XSS). A low-privilege, remote attacker could exploit this to exfiltrate information (cookie-based credentials). Affected: Dell Unity 5.3 and earlier. Remediation: upgrade to 5.4+ per...
CVE-2024-22230
Dell Unity contains a Cross-site Scripting (XSS) vulnerability in versions prior to 5.4. The issue arises from inadequate protection of the web page structure, allowing an authenticated attacker to steal session information, masquerade as the affected user, perform actions the user can, or genera...
CVE-2026-21418
CVE-2026-21418 affects Dell Unity prior to 5.5.3 (Dell Unity, Dell UnityVSA, and Dell Unity XT as indicated). The vulnerability is an OS Command Injection due to improper neutralization of special elements, allowing a low-privilege, local attacker to potentially run arbitrary commands with root p...
CVE-2024-0164
Dell Unity is affected by an OS command injection in the svc_topstats utility of the Dell Unity OS, prior to version 5.4. The root cause is an injection vulnerability that allows an authenticated attacker to execute arbitrary commands with elevated privileges, leading to a high-impact, local com...
CVE-2024-22225
Dell Unity is affected by CVE-2024-22225 in versions prior to 5.4, where the svc_supportassist utility allows OS command injection. An authenticated, local attacker could execute arbitrary commands with root privileges; CVSSv3.1 score 7.8 (HIGH) with local access, low attack complexity and no use...
CVE-2025-36604
Summary (CVE-2025-36604): Dell UnityVSA prior to 5.5.1 is affected by an unauthenticated remote OS command injection vulnerability. The Nuclei template and associated notes describe a pre-auth command execution path affecting Dell UnityVSA
CVE-2025-36606
Dell Unity (5.5 and earlier) has an OS Command Injection in the svc_nfssupport utility. The authenticated attacker could escape the restricted shell and execute arbitrary root commands via crafted input that bypasses filtering of special characters in the svc_nfssupport command. Impact is arbitra...
CVE-2025-36605
Dell Unity is affected by a Cross-site Scripting (CWE-79) vulnerability in version 5.5 and earlier, due to improper input neutralization during web page generation. An unauthenticated attacker with remote access could execute arbitrary HTML/JavaScript in a victim’s browser, potentially leading to...
CVE-2025-36607
Dell Unity, versions 5.5 and prior, contain an OS Command Injection in the svc_nas utility. An authenticated attacker could escape the restricted shell and execute arbitrary OS commands with root privileges. Connected sources confirm the affected component and root cause, but do not provide a con...
CVE-2025-43939
CVE-2025-43939 affects Dell Unity (versions 5.4 and prior). The issue is an OS Command Injection due to improper neutralization of special elements in command handling, enabling a local, low-privileged attacker to execute commands and achieve privilege elevation. Remediation per connected sources...
CVE-2026-22277
Dell UnityVSA (version 5.4 and prior) contains an OS Command Injection due to improper neutralization of special elements. A low-privilege attacker with local access could potentially achieve arbitrary command execution with root privileges. No exploitation details or fixes are provided in the li...
CVE-2025-46423
CVE-2025-46423: Dell Unity OS (version 5.5 and earlier) contains an OS Command Injection due to improper neutralization of special elements in commands. A low-privileged attacker with local access could potentially execute arbitrary commands with root privileges. Affected product/versions: Dell U...
CVE-2025-46422
CVE-2025-46422 affects Dell Unity OS: Dell Unity version 5.5 and earlier is vulnerable to an OS Command Injection due to improper neutralization of special elements. A low-privileged, locally authenticated attacker can exploit this to run arbitrary commands with root privileges. Multiple sour...