CVE-2022-34396
https://notcve.org/view.php?id=CVE-2022-34396
Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. • https://www.dell.com/support/kbdoc/en-us/000206609/dsa-2022-321-dell-openmanage-server-administrator-omsa-security-update-for-dll-injection-vulnerability • CWE-427: Uncontrolled Search Path Element •
CVE-2022-34403
https://notcve.org/view.php?id=CVE-2022-34403
Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000205716 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-32482
https://notcve.org/view.php?id=CVE-2022-32482
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. • https://www.dell.com/support/kbdoc/en-us/000205717/dsa-2022-326 • CWE-20: Improper Input Validation •
CVE-2022-45102
https://notcve.org/view.php?id=CVE-2022-45102
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections. • https://www.dell.com/support/kbdoc/en-us/000206329/dsa-2022-348-dell-emc-data-protection-central-security-update-for-proprietary-code-vulnerability • CWE-116: Improper Encoding or Escaping of Output CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •
CVE-2022-45100
https://notcve.org/view.php?id=CVE-2022-45100
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. • https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-295: Improper Certificate Validation •