Dell Alienware M15 R7 Firmware vulnerabilities

39 known vulnerabilities affecting dell/alienware_m15_r7_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

HIGH4MEDIUM34LOW1

Vulnerabilities

Page 2 of 2

CVE-2023-28060MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28060 [MEDIUM] CWE-20 CVE-2023-28060: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28032MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28032 [MEDIUM] CWE-20 CVE-2023-28032: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28052MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28052 [MEDIUM] CWE-20 CVE-2023-28052: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28059MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28059 [MEDIUM] CWE-20 CVE-2023-28059: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28058MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28058 [MEDIUM] CWE-20 CVE-2023-28058: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-32480MEDIUMCVSS 6.8fixed in 1.17.02023-06-23

CVE-2023-32480 [MEDIUM] CWE-20 CVE-2023-32480: Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.

nvd

CVE-2023-28034MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28034 [MEDIUM] CWE-20 CVE-2023-28034: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28031MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28031 [MEDIUM] CWE-20 CVE-2023-28031: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28044MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28044 [MEDIUM] CWE-20 CVE-2023-28044: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28056MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28056 [MEDIUM] CWE-20 CVE-2023-28056: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28040MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28040 [MEDIUM] CWE-20 CVE-2023-28040: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28035MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28035 [MEDIUM] CWE-20 CVE-2023-28035: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28033MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28033 [MEDIUM] CWE-20 CVE-2023-28033: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28026MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28026 [MEDIUM] CWE-20 CVE-2023-28026: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2023-28029MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-28029 [MEDIUM] CWE-20 CVE-2023-28029: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable

nvd

CVE-2023-25937MEDIUMCVSS 6.7fixed in 1.16.02023-06-23

CVE-2023-25937 [MEDIUM] CWE-20 CVE-2023-25937: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

CVE-2022-34400HIGHCVSS 7.1fixed in 1.4.32023-02-01

CVE-2022-34400 [HIGH] CWE-122 CVE-2022-34400: Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges cou Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.

nvd

CVE-2022-34403HIGHCVSS 8.8fixed in 1.4.32023-02-01

CVE-2022-34403 [HIGH] CWE-121 CVE-2022-34403: Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker coul Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

nvd

CVE-2022-32482MEDIUMCVSS 5.1fixed in 1.10.02023-02-01

CVE-2022-32482 [MEDIUM] CWE-20 CVE-2022-32482: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

nvd

← Previous2 / 2