CVE-2023-23698
https://notcve.org/view.php?id=CVE-2023-23698
Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. • https://www.dell.com/support/kbdoc/en-us/000208038/dsa-2023-031 • CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVE-2022-24410
https://notcve.org/view.php?id=CVE-2022-24410
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. • https://www.dell.com/support/kbdoc/en-us/000205719/dsa-2022-325 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-34454
https://notcve.org/view.php?id=CVE-2022-34454
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. • https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-34452
https://notcve.org/view.php?id=CVE-2022-34452
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. • https://www.dell.com/support/kbdoc/en-us/000205404/dsa-2022-283-powerpath-management-appliance-security-update-for-multiple-security-vulnerabilities • CWE-598: Use of GET Request Method With Sensitive Query Strings CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-23696
https://notcve.org/view.php?id=CVE-2023-23696
Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system. • https://www.dell.com/support/kbdoc/en-us/000208331/dsa-2023-029-dell-command-intel-vpro-out-of-band-security-update-for-an-improper-authorization-vulnerability • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •