Thin Security Vulnerabilities

CVE-2022-31638

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVE-2022-31636

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVE-2022-31635

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVE-2022-43778

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...

CVE-2022-43777

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...

CVE-2022-27541

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...

CVE-2022-27539

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...

CVE-2022-27538

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...

CVE-2022-27537

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential...

CVE-2021-3808

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential...

CVE-2021-3809

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential...

CVE-2021-3439

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential...

CVE-2022-34398

Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the...

CVE-2022-32482

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI...

CVE-2022-32489

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in...

CVE-2022-32485

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in...

CVE-2022-32484

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI...

CVE-2022-32488

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in...

CVE-2022-32487

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in...

CVE-2022-32491

Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during...

CVE-2022-32493

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in...

CVE-2022-32483

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI...

CVE-2022-34402

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to...

CVE-2009-3287

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For...

CVE-2010-3121

Buffer overflow in tm-console-bin in the DevonIT thin-client management tool might allow remote attackers to execute arbitrary code via unspecified...

CVE-2010-3122

The DevonIT thin-client management tool relies on a shared secret for authentication but transmits the secret in cleartext, which makes it easier for remote attackers to discover the secret value, and consequently obtain administrative control over client machines, by sniffing the...

CVE-2013-2339

HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible Thin Client allows local users to obtain sensitive information, modify data, or cause a denial of...

CVE-2022-31222

Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to...

CVE-2022-31221

Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the...

CVE-2022-31224

Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the...

CVE-2022-31226

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the...

CVE-2022-31223

Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the...

CVE-2022-31225

Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected...

CVE-2022-31220

Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected...

CVE-2022-26859

Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during...

CVE-2022-26860

Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in...

CVE-2022-26861

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during...

CVE-2022-26858

Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security...

CVE-2022-0636

A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system...

CVE-2022-24421

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during...

CVE-2022-24420

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during...

CVE-2022-24419

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during...

CVE-2022-24416

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during...

CVE-2022-24415

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during...

CVE-2021-21598

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log...

CVE-2021-21597

Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log...

CVE-2021-21552

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the...

CVE-2020-5362

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup...

CVE-2020-5324

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged...

CVE-2018-7112

The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which...