Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

CVE-2023-28071: DSA-2023-170: Dell Command | Update, Dell Update, and Alienware Update Security Update for an Insecure Operation on Windows Junction / Mount Point vulnerability

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

CVE
Open in Source
#vulnerability#windows#microsoft#dos#dell
CVE-2023-28064: DSA-2023-174: Dell Client BIOS Security Update for an Out-of-bounds Write Vulnerability

Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

CVE-2023-32480: DSA-2023-175: Dell Client BIOS Security Update for an Improper Input Validation Vulnerability

Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.

CVE-2023-28073: DSA-2023-160: Dell Client BIOS Security Update for An Improper Authentication Vulnerability

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

CVE-2023-25936: DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

CVE-2023-32449: DSA-2023-173: Dell PowerStore Family Security Update for Multiple Vulnerabilities

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks

Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer

A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer. "The operation was active for more than a year with the end goal of compromising credentials and data exfiltration," Bitdefender security researcher Victor Vrabie said in a technical report shared with The Hacker News. Evidence gathered by the Romanian

CVE-2023-34415: Security Vulnerabilities fixed in Firefox 114

When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114.

CVE-2023-32465: DSA-2023-201: Security Update for Dell PowerProtect Cyber Recovery

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.