Dell Latitude 3390 2-In-1 Firmware vulnerabilities
35 known vulnerabilities affecting dell/latitude_3390_2-in-1_firmware.
Total CVEs
35
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM33
Vulnerabilities
Page 2 of 2
CVE-2023-28059MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28059 [MEDIUM] CWE-20 CVE-2023-28059:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2023-28058MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28058 [MEDIUM] CWE-20 CVE-2023-28058:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2023-28034MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28034 [MEDIUM] CWE-20 CVE-2023-28034:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2023-28031MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28031 [MEDIUM] CWE-20 CVE-2023-28031:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2023-28044MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28044 [MEDIUM] CWE-20 CVE-2023-28044:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2023-28056MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28056 [MEDIUM] CWE-20 CVE-2023-28056:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2023-28040MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28040 [MEDIUM] CWE-20 CVE-2023-28040:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2023-28035MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28035 [MEDIUM] CWE-20 CVE-2023-28035:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2023-28033MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28033 [MEDIUM] CWE-20 CVE-2023-28033:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2023-28026MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28026 [MEDIUM] CWE-20 CVE-2023-28026:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2023-28029MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-28029 [MEDIUM] CWE-20 CVE-2023-28029:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable
nvd
CVE-2023-25937MEDIUMCVSS 6.7fixed in 1.25.02023-06-23
CVE-2023-25937 [MEDIUM] CWE-20 CVE-2023-25937:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
nvd
CVE-2022-24410MEDIUMCVSS 4.2fixed in 1.15.02023-02-10
CVE-2022-24410 [MEDIUM] CWE-200 CVE-2022-24410:
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with ph
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.
nvd
CVE-2022-34398HIGHCVSS 7.0fixed in 1.23.12023-02-01
CVE-2022-34398 [HIGH] CWE-367 CVE-2022-34398:
Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user
Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.
nvd
CVE-2020-5362MEDIUMCVSS 4.4fixed in 1.13.02020-06-10
CVE-2020-5362 [MEDIUM] CWE-285 CVE-2020-5362: Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the
Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.
nvd
← Previous2 / 2