CVSS: 6.8EPSS: 0%CPEs: 316EXPL: 0CVE-2022-24410
https://notcve.org/view.php?id=CVE-2022-24410
10 Feb 2023 — Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. • https://www.dell.com/support/kbdoc/en-us/000205719/dsa-2022-325 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 166EXPL: 0CVE-2022-34403
https://notcve.org/view.php?id=CVE-2022-34403
01 Feb 2023 — Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000205716 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 166EXPL: 0CVE-2022-34400
https://notcve.org/view.php?id=CVE-2022-34400
01 Feb 2023 — Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. • https://www.dell.com/support/kbdoc/en-us/000205716/dsa-2022-327 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.1EPSS: 0%CPEs: 30EXPL: 0CVE-2022-34399
https://notcve.org/view.php?id=CVE-2022-34399
18 Jan 2023 — Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM. Las versiones de BIOS Dell Alienware m17 R5 anteriores a 1.2.2 contienen una vulnerabilidad de acceso al búfer. Un usuario malintencionado con privilegios de administrador podría explotar esta vulnerabilidad enviando entradas mayores a las esperadas para fi... • https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-34401
https://notcve.org/view.php?id=CVE-2022-34401
18 Jan 2023 — Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM. Dell BIOS contiene una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria. Un usuario malicioso autenticado local puede explotar esta vulnerabilidad utilizando un SMI para enviar una entrada mayor a la esperada a un parámetro ... • https://www.dell.com/support/kbdoc/000204679 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 0CVE-2022-26864
https://notcve.org/view.php?id=CVE-2022-26864
23 Jun 2022 — Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. Las versiones anteriores de Dell BIOS contienen una vulnerabilidad de comprobación de entrada. Un usuario malicioso autenticado localmente podría explotar esta vulnerabilidad mediante el envío de entradas maliciosas a un SMI para omitir los controles de seguridad en el SMM • https://www.dell.com/support/kbdoc/en-us/000200568/dsa-2022-096 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 0CVE-2022-26863
https://notcve.org/view.php?id=CVE-2022-26863
23 Jun 2022 — Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. Las versiones anteriores de Dell BIOS contienen una vulnerabilidad de comprobación de entrada. Un usuario malicioso autenticado localmente podría explotar esta vulnerabilidad mediante el envío de entradas maliciosas a un SMI para omitir los controles de seguridad en SMM • https://www.dell.com/support/kbdoc/en-us/000200568/dsa-2022-096 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 0CVE-2022-26862
https://notcve.org/view.php?id=CVE-2022-26862
23 Jun 2022 — Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. Las versiones anteriores de Dell BIOS contienen una vulnerabilidad de comprobación de entradas. Un usuario malicioso autenticado localmente podría explotar esta vulnerabilidad mediante el envío de información maliciosa a un SMI para omitir los controles de seguridad de SMM • https://www.dell.com/support/kbdoc/en-us/000200568/dsa-2022-096 • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 92EXPL: 0CVE-2022-24421
https://notcve.org/view.php?id=CVE-2022-24421
11 Mar 2022 — Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Dell BIOS contiene una vulnerabilidad de comprobación de entrada inapropiada. Un usuario malicioso autenticado localmente podría explotar esta vulnerabilidad al usar un SMI para conseguir una ejecución de código arbitrario durante el SMM • https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.2EPSS: 0%CPEs: 92EXPL: 0CVE-2022-24420
https://notcve.org/view.php?id=CVE-2022-24420
11 Mar 2022 — Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Dell BIOS contiene una vulnerabilidad de comprobación de entrada inapropiada. Un usuario malicioso autenticado localmente puede explotar potencialmente esta vulnerabilidad al usar un SMI para conseguir una ejecución de código arbitrario durante el SMM • https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •