CVE-2020-5363

MEDIUM Year: 2020
CVSS v3 Score
6.7
Medium
CVSS v2 Score
7.2
High
Weakness Type
CWE-158
View all →

Vulnerability Description

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Related Vulnerabilities

CVE-2024-10921

MEDIUM
CVSS:6.8(Medium)

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This iss...

CWE-1582024

CVE-2020-7928

MEDIUM
CVSS:6.5(Medium)

A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4....

CWE-1582020

CVE-2022-20812

MEDIUM
CVSS:6.5(Medium)

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwr...

CWE-1582022

CVE-2025-1936

HIGH
CVSS:7.3(High)

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was us...

CWE-1582025

CVE-2022-20813

MEDIUM
CVSS:5.9(Medium)

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwr...

CWE-1582022

CVE-2024-0408

MEDIUM
CVSS:5.5(Medium)

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (a...

CWE-1582024