CVE-2023-28063
https://notcve.org/view.php?id=CVE-2023-28063
Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. El BIOS de Dell contiene una vulnerabilidad de error de conversión de firmado a no firmado. Un usuario malintencionado local autenticado con privilegios de administrador podría explotar esta vulnerabilidad y provocar una denegación de servicio. • https://www.dell.com/support/kbdoc/en-us/000214780/dsa-2023-176-dell-client-bios-security-update-for-a-signed-to-unsigned-conversion-error-vulnerability • CWE-195: Signed to Unsigned Conversion Error CWE-681: Incorrect Conversion between Numeric Types •
CVE-2023-32453
https://notcve.org/view.php?id=CVE-2023-32453
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator. • https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios • CWE-287: Improper Authentication •
CVE-2023-28075
https://notcve.org/view.php?id=CVE-2023-28075
Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2023-28058
https://notcve.org/view.php?id=CVE-2023-28058
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. • https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities • CWE-20: Improper Input Validation •
CVE-2023-28050
https://notcve.org/view.php?id=CVE-2023-28050
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. • https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities • CWE-20: Improper Input Validation •