Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

CVE-2022-26861: DSA-2022-224: Dell Client Security Update for Dell Client BIOS

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.

CVE
Open in Source
#vulnerability#ios#bios#buffer_overflow#auth#dell
Cymulate Raises $70M Series D Funding for Continuous Security Posture Testing

Investor participation from prior round demonstrates confidence in the company's current and future performance.

CVE-2022-34382: DSA-2022-217: Dell Command | Update and Dell Update/Alienware Update Security Update for a Local Privilege Escalation Vulnerability

Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.

CVE-2022-34378: DSA-2022-172: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.

Ubuntu Security Notice USN-5591-3

Ubuntu Security Notice 5591-3 - It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-34372: DSA-2022-196: Dell Cyber Recovery Security Update for Multiple Vulnerabilities

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality

CVE-2022-34379: DSA-2022-207: Dell CloudLink Security Update for an AD Users Login Without Password Vulnerability

Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.

CVE-2022-34380: DSA-2022-210: Dell CloudLink Security Update for Multiple Security Vulnerabilities

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.

Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data

By Deeba Ahmed Sephora claims it respects consumer privacy and "strives to be transparent about how their personal information is used" to improve customer experience. This is a post from HackRead.com Read the original post: Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data

CVE-2022-31233: DSA-2022-158: Dell Unisphere for PowerMax, Dell Unisphere for PowerMax vApp, Dell Solutions Enabler vApp, Dell Unisphere 360, Dell VASA Provider vApp, and Dell PowerMax EMB Mgmt Security Update for Mu

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.