Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-28046: DSA-2023-123: Dell Display Manager Security Update for Arbitrary File or Folder Creation/Deletion Vulnerabilities

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.

CVE
#vulnerability#dell

Vaikutus

High

Tiedot

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen

CVE(s) Addressed

Product

Affected Version(s)

Updated Version(s)

Link to Update

CVE-2023-28047

Dell Display Manager

2.1.0 and prior

2.1.1

Support for Dell Display Manager 2.x | Drivers & Downloads

CVE-2023-28046

Dell Display Manager

2.1.0 and prior

2.1.1

Support for Dell Display Manager 2.x | Drivers & Downloads

CVE(s) Addressed

Product

Affected Version(s)

Updated Version(s)

Link to Update

CVE-2023-28047

Dell Display Manager

2.1.0 and prior

2.1.1

Support for Dell Display Manager 2.x | Drivers & Downloads

CVE-2023-28046

Dell Display Manager

2.1.0 and prior

2.1.1

Support for Dell Display Manager 2.x | Drivers & Downloads

Keinoja ongelman kiertämiseen tai lieventämiseen

None.

Kiitokset

Acknowledgements: Dell would like to thank Marius Gabriel Mihai for reporting these issues.

Versiohistoria

Revision

Date

Description

1.0

2023-04-04

Initial Release

Asiaan liittyvät tiedot

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

04 huhtik. 2023

Related news

CVE-2023-28047: DSA-2023-123: Dell Display Manager Security Update for Arbitrary File or Folder Creation/Deletion Vulnerabilities

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907