CVE-2023-28052
https://notcve.org/view.php?id=CVE-2023-28052
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. • https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities • CWE-20: Improper Input Validation •
CVE-2023-25936
https://notcve.org/view.php?id=CVE-2023-25936
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. • https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities • CWE-20: Improper Input Validation •
CVE-2022-24410
https://notcve.org/view.php?id=CVE-2022-24410
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. • https://www.dell.com/support/kbdoc/en-us/000205719/dsa-2022-325 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-34398
https://notcve.org/view.php?id=CVE-2022-34398
Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/000206038 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-34405
https://notcve.org/view.php?id=CVE-2022-34405
An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system. Se identificó una vulnerabilidad de control de acceso inadecuado en Realtek audio driver. Un usuario malicioso autenticado local puede potencialmente explotar esta vulnerabilidad esperando a que un administrador inicie la aplicación y se conecte al proceso para elevar los privilegios en el sistema. • https://www.dell.com/support/kbdoc/en-us/000205721/dsa-2022-316-dell-client-security-update-for-a-realtek-high-definition-audio-driver-vulnerability • CWE-285: Improper Authorization •