Page 7 of 44 results (0.008 seconds)

CVSS: 8.8EPSS: 0%CPEs: 166EXPL: 0

CVE-2022-34403

https://notcve.org/view.php?id=CVE-2022-34403

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000205716 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.6EPSS: 0%CPEs: 378EXPL: 0

CVE-2022-32482

https://notcve.org/view.php?id=CVE-2022-32482

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. • https://www.dell.com/support/kbdoc/en-us/000205717/dsa-2022-326 • CWE-20: Improper Input Validation •

CVSS: 7.1EPSS: 0%CPEs: 166EXPL: 0

CVE-2022-34400

https://notcve.org/view.php?id=CVE-2022-34400

Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. • https://www.dell.com/support/kbdoc/en-us/000205716/dsa-2022-327 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.3EPSS: 0%CPEs: 40EXPL: 0

CVE-2022-34405

https://notcve.org/view.php?id=CVE-2022-34405

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system. Se identificó una vulnerabilidad de control de acceso inadecuado en Realtek audio driver. Un usuario malicioso autenticado local puede potencialmente explotar esta vulnerabilidad esperando a que un administrador inicie la aplicación y se conecte al proceso para elevar los privilegios en el sistema. • https://www.dell.com/support/kbdoc/en-us/000205721/dsa-2022-316-dell-client-security-update-for-a-realtek-high-definition-audio-driver-vulnerability • CWE-285: Improper Authorization •

CVSS: 7.9EPSS: 0%CPEs: 800EXPL: 0

CVE-2022-26861

https://notcve.org/view.php?id=CVE-2022-26861

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM. Las versiones de la BIOS de Dell contienen una vulnerabilidad de optimización automática no segura. Un usuario malicioso autenticado localmente podría explotar esta vulnerabilidad mediante el envío de entradas maliciosas por medio de SMI para obtener una ejecución de código arbitrario durante SMM. • https://www.dell.com/support/kbdoc/000202194 • CWE-1038: Insecure Automated Optimizations •