EUVD-2022-31414

Malicious code in bioql PyPI...

Dell iDRAC8 Improper Input Validation (CVE-2022-34436)

Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update...

CVE-2022-26865

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator...

Authentication flaw

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator...

RSA IG+L Aveksa 7.1.1 Remote Code Execution

Exploit Title: RSA IG&L Aveksa 7.1.1 - Remote Code Execution Date: 2019-04-16 Exploit Author: Jakub Palaczynski, Lukasz Plonka Vendor Homepage: https://www.rsa.com/ Version: 7.1.1, prior to P02 CVE : CVE-2019-3759 all vulnerable versions can be found at...

Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers...

A week in security (October 23 – October 29)

Welcome back to "A week in security." Last week, we took a look at how deleted files can be recovered, explored the BadRabbit ransomware plague attacking Eastern Europe including a deep dive into the code, and talked about what it takes to work in security. One of our researchers, who is a PhD...

Dell System Detect installs root certificate and private key (DSDTestProvider)

Overview Dell System Detect installs the DSDTestProvider certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive...

The Dell Support Software, Dell System Detect the presence of security vulnerabilities that can be remotely execute malicious code-vulnerability warning-the black bar safety net

Pre-installed in the Dell computer Support Software Dell System Detect is to discover the presence of vulnerabilities, allowing an attacker to remotely execute malicious code. System Detect Dell system bundled a software, as long as the system starts, it will start automatically. The use of the...