46 results (0.016 seconds)

CVSS: 6.7EPSS: 0%CPEs: 26EXPL: 0

Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system. Dell BIOS contiene una vulnerabilidad de validación de entrada incorrecta. Un usuario malicioso local con altos privilegios podría explotar esta vulnerabilidad para dañar la memoria del sistema. • https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342 • CWE-20: Improper Input Validation •

CVSS: 4.6EPSS: 0%CPEs: 222EXPL: 0

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator. • https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios • CWE-287: Improper Authentication •

CVSS: 6.9EPSS: 0%CPEs: 490EXPL: 0

Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 4.6EPSS: 0%CPEs: 140EXPL: 0

Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. • https://www.dell.com/support/kbdoc/en-us/000214778/dsa-2023-174-dell-client-bios-security-update-for-an-out-of-bounds-write-vulnerability • CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 0%CPEs: 62EXPL: 0

Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000214779/dsa-2023-175-dell-client-bios-security-update-for-an-improper-input-validation-vulnerability • CWE-20: Improper Input Validation •