Tag

#dell

CVE-2022-34383: DSA-2022-221: Dell Networking Security Update for a BIOS Vulnerability

Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.

CVE-2022-34373: DSA-2022-201: Dell Command | Integration Suite for System Center Security Update for Arbitrary File Write Vulnerability

Dell Command Integration Suite for System Center, versions prior to 6.2.0, contains an arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to perform an arbitrary write as system.

CVE-2022-34374: DSA-2022-202: Dell Container Storage Modules Security Update for Multiple Vulnerabilities

Dell Container Storage Modules 1.2 contains an OS command injection in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability to execute arbitrary OS commands on the affected system.

CVE-2022-34368: DSA-2022-194: Dell NetWorker Security Update for Insufficient Privileges Vulnerability

Dell EMC NetWorker 19.2.1.x, 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. An authenticated non-admin user could exploit this vulnerability and gain access to restricted resources.

CVE-2022-33935: DSA-2022-107: Dell Data Protection Advisor Security Update for Stored Cross Site Scripting Vulnerability

Dell EMC Data Protection Advisor versions 19.6 and earlier contain a stored cross-site scripting vulnerability. An attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code is executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVE-2022-31232: DSA-2022-156: Dell SmartFabric Storage Software Security Update for Multiple Component Vulnerabilities

SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.

Capital One Joins Open Source Security Foundation

OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.

Exploits and TrickBot disrupt manufacturing operations

Categories: Threat Intelligence

September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri. This is combined with heavy detections of unseen malware, identified through our AI engine, spiking in May as well as September 2021.

The post Exploits and TrickBot disrupt manufacturing operations appeared first on Malwarebytes Labs.

CVE-2022-37070: vuln/H3C/GR-1200W/19 at main · Darry-lang1/vuln

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

CVE-2022-36509: vuln/readme.md at main · Darry-lang1/vuln

H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.