Page 2 of 18 results (0.002 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. • https://www.dell.com/support/kbdoc/000204114 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. • https://www.dell.com/support/kbdoc/000204114 • CWE-326: Inadequate Encryption Strength •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. • https://www.dell.com/support/kbdoc/000204114 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. • https://www.dell.com/support/kbdoc/000204114 • CWE-697: Incorrect Comparison CWE-942: Permissive Cross-domain Policy with Untrusted Domains •

CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. Dell SupportAssist Client Consumer versiones (3.10.4 y anteriores) y Dell SupportAssist Client Commercial (3.1.1 y anteriores) contienen una vulnerabilidad de tipo cross-site scripting. Un usuario remoto malicioso no autenticado podría explotar esta vulnerabilidad bajo condiciones específicas que conllevan a una ejecución de código malicioso en un sistema vulnerable • https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities • CWE-16: Configuration CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •