CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28962
https://notcve.org/view.php?id=CVE-2024-28962
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. Comando Dell | Update, Dell Update y Alienware Update UWP, versiones anteriores a la 5.4, contienen una vulnerabilidad de función o método peligroso expuesto. Un atacante no autenticado con acceso remoto podría explotar esta vulnerabilidad y provocar una denegación de servicio. • https://www.dell.com/support/kbdoc/en-us/000227236/dsa-2024-169 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28971
https://notcve.org/view.php?id=CVE-2024-28971
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. El complemento Dell Update Manager, versiones 1.4.0 a 1.5.0, contiene una vulnerabilidad de almacenamiento de contraseñas de texto plano en el archivo de registro. Un atacante remoto con altos privilegios podría explotar esta vulnerabilidad, lo que llevaría a la divulgación de ciertas credenciales de usuario. • https://www.dell.com/support/kbdoc/en-us/000224849/dsa-2024-209-security-update-for-dell-update-manager-plugin-vulnerability • CWE-256: Plaintext Storage of a Password •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32454
https://notcve.org/view.php?id=CVE-2023-32454
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service La versión 4.9.4.36 y anteriores del framework DUP contiene una operación insegura en la vulnerabilidad de unión/punto de montaje de Windows. Un usuario estándar malicioso local podría aprovechar la vulnerabilidad para crear archivos arbitrarios, lo que provocaría una denegación de servicio. • https://www.dell.com/support/kbdoc/en-us/000216236/dsa-2023-192 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28065
https://notcve.org/view.php?id=CVE-2023-28065
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation. • https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-28071
https://notcve.org/view.php?id=CVE-2023-28071
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). • https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-1386: Insecure Operation on Windows Junction / Mount Point •