CVSS: 7.5EPSS: 0%CPEs: 170EXPL: 0CVE-2021-36283
https://notcve.org/view.php?id=CVE-2021-36283
28 Sep 2021 — Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Dell BIOS contiene una vulnerabilidad de comprobación de entrada inapropiada. Un usuario malicioso autenticado localmente podría explotar esta vulnerabilidad usando un SMI para conseguir una ejecución de código arbitrario en la SMRAM • https://www.dell.com/support/kbdoc/000191495 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 256EXPL: 0CVE-2021-21574
https://notcve.org/view.php?id=CVE-2021-21574
24 Jun 2021 — Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. La funcionalidad Dell BIOSConnect contiene una vulnerabilidad de desbordamiento de búfer. Un usuario administrador malicioso y autenticado con acceso local al sistema puede explotar esta vulnerabilidad para ejecutar código arbitrario y omitir las restricciones de UEFI • https://www.dell.com/support/kbdoc/en-us/000188682 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 256EXPL: 0CVE-2021-21573
https://notcve.org/view.php?id=CVE-2021-21573
24 Jun 2021 — Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. La funcionalidad Dell BIOSConnect contiene una vulnerabilidad de desbordamiento del búfer. Un usuario administrador malicioso autenticado con acceso local al sistema puede explotar esta vulnerabilidad para ejecutar código arbitrario y omitir las restricciones de la UEFI • https://www.dell.com/support/kbdoc/en-us/000188682 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 256EXPL: 0CVE-2021-21572
https://notcve.org/view.php?id=CVE-2021-21572
24 Jun 2021 — Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. La funcionalidad Dell BIOSConnect contiene una vulnerabilidad de desbordamiento del búfer. Un usuario administrador malicioso autenticado con acceso local al sistema puede explotar potencialmente esta vulnerabilidad para ejecutar código arbitrario y omitir las restricciones de la... • https://www.dell.com/support/kbdoc/en-us/000188682 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 256EXPL: 0CVE-2021-21571
https://notcve.org/view.php?id=CVE-2021-21571
24 Jun 2021 — Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering. La pila https de la UEFI de Dell aprovechada por la funcionalidad Dell BIOSConnect y la funcionalidad Dell HTTPS Boot contiene una vulnerabilidad de combrobación de certificados inapropiada. Un ... • https://www.dell.com/support/kbdoc/en-us/000188682 • CWE-295: Improper Certificate Validation •
CVSS: 8.6EPSS: 0%CPEs: 36EXPL: 0CVE-2020-5363
https://notcve.org/view.php?id=CVE-2020-5363
10 Jun 2020 — Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive. Plataformas Select Dell Client Consumer and Commercial, incluyen un problema que permite cambiar la contraseña de ... • https://www.dell.com/support/article/SLN321604 • CWE-158: Improper Neutralization of Null Byte or NUL Character •