Page 7 of 46 results (0.019 seconds)

CVSS: 6.8EPSS: 0%CPEs: 316EXPL: 0

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. • https://www.dell.com/support/kbdoc/en-us/000205719/dsa-2022-325 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 8.8EPSS: 0%CPEs: 166EXPL: 0

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000205716 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.6EPSS: 0%CPEs: 378EXPL: 0

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. • https://www.dell.com/support/kbdoc/en-us/000205717/dsa-2022-326 • CWE-20: Improper Input Validation •

CVSS: 7.1EPSS: 0%CPEs: 166EXPL: 0

Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. • https://www.dell.com/support/kbdoc/en-us/000205716/dsa-2022-327 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.9EPSS: 0%CPEs: 800EXPL: 0

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM. Las versiones de la BIOS de Dell contienen una vulnerabilidad de optimización automática no segura. Un usuario malicioso autenticado localmente podría explotar esta vulnerabilidad mediante el envío de entradas maliciosas por medio de SMI para obtener una ejecución de código arbitrario durante SMM. • https://www.dell.com/support/kbdoc/000202194 • CWE-1038: Insecure Automated Optimizations •