CVSS: 7.3EPSS: 0%CPEs: 40EXPL: 0CVE-2022-34405
https://notcve.org/view.php?id=CVE-2022-34405
An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system. Se identificó una vulnerabilidad de control de acceso inadecuado en Realtek audio driver. Un usuario malicioso autenticado local puede potencialmente explotar esta vulnerabilidad esperando a que un administrador inicie la aplicación y se conecte al proceso para elevar los privilegios en el sistema. • https://www.dell.com/support/kbdoc/en-us/000205721/dsa-2022-316-dell-client-security-update-for-a-realtek-high-definition-audio-driver-vulnerability • CWE-285: Improper Authorization •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-23691
https://notcve.org/view.php?id=CVE-2023-23691
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS. • https://www.dell.com/support/kbdoc/en-us/000207533/dsa-2023-018-dell-emc-powervault-me5-security-update-for-a-client-desync-attack-vulnerability • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23690
https://notcve.org/view.php?id=CVE-2023-23690
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices. Cloud Mobility for Dell EMC Storage, versiones 1.3.0.X e inferiores, contiene una vulnerabilidad de verificación incorrecta de revocación de certificados. • https://www.dell.com/support/kbdoc/en-us/000207521/dsa-2023-019-dell-emc-cloud-mobility-security-update-for-certificate-revocation-vulnerability • CWE-295: Improper Certificate Validation CWE-299: Improper Check for Certificate Revocation •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45103
https://notcve.org/view.php?id=CVE-2022-45103
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system. Las versiones 9.2.3.x de Dell Unisphere para PowerMax vApp, VASA Provider vApp y Solution Enabler vApp versión 9.2.3.x contienen una vulnerabilidad de divulgación de información. Un atacante remoto con pocos privilegios podría explotar esta vulnerabilidad, lo que llevaría a leer archivos arbitrarios en el sistema de archivos subyacente. • https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34457
https://notcve.org/view.php?id=CVE-2022-34457
Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users. Las versiones 4.8 y anteriores de la aplicación Dell Command | Configure contienen permisos de carpeta inadecuados cuando se instala en una ruta no segura en lugar de la predeterminada. Esta es una vulnerabilidad crítica ya que puede derivar en una escalada de privilegios, permitiendo que usuarios que no son administradores modifiquen los archivos dentro del directorio instalado y pueden hacer que la aplicación no esté disponible para todos los usuarios. • https://www.dell.com/support/kbdoc/000205633 • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •