CVE-2023-28063
https://notcve.org/view.php?id=CVE-2023-28063
Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. El BIOS de Dell contiene una vulnerabilidad de error de conversión de firmado a no firmado. Un usuario malintencionado local autenticado con privilegios de administrador podría explotar esta vulnerabilidad y provocar una denegación de servicio. • https://www.dell.com/support/kbdoc/en-us/000214780/dsa-2023-176-dell-client-bios-security-update-for-a-signed-to-unsigned-conversion-error-vulnerability • CWE-195: Signed to Unsigned Conversion Error CWE-681: Incorrect Conversion between Numeric Types •
CVE-2023-32453
https://notcve.org/view.php?id=CVE-2023-32453
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator. • https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios • CWE-287: Improper Authentication •
CVE-2023-28075
https://notcve.org/view.php?id=CVE-2023-28075
Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2023-32447
https://notcve.org/view.php?id=CVE-2023-32447
Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. • https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-32446
https://notcve.org/view.php?id=CVE-2023-32446
Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files. • https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •