CVE-2023-32480
https://notcve.org/view.php?id=CVE-2023-32480
Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000214779/dsa-2023-175-dell-client-bios-security-update-for-an-improper-input-validation-vulnerability • CWE-20: Improper Input Validation •
CVE-2023-28073
https://notcve.org/view.php?id=CVE-2023-28073
Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system. • https://www.dell.com/support/kbdoc/en-us/000213032/dsa-2023-160-dell-client • CWE-287: Improper Authentication •
CVE-2023-28071
https://notcve.org/view.php?id=CVE-2023-28071
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). • https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVE-2023-28058
https://notcve.org/view.php?id=CVE-2023-28058
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. • https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities • CWE-20: Improper Input Validation •
CVE-2023-28050
https://notcve.org/view.php?id=CVE-2023-28050
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. • https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities • CWE-20: Improper Input Validation •