Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28065 | 2 Dell, Microsoft | 4 Alienware Update, Command Update, Update and 1 more | 2023-12-10 | N/A | 7.3 HIGH |
| Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation. | |||||
| CVE-2023-28071 | 2 Dell, Microsoft | 4 Alienware Update, Command Update, Update and 1 more | 2023-12-10 | N/A | 7.1 HIGH |
| Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). | |||||
| CVE-2022-34459 | 1 Dell | 3 Alienware Update, Command Update, Update | 2023-12-10 | N/A | 7.8 HIGH |
| Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution. | |||||
| CVE-2022-34458 | 1 Dell | 3 Alienware Update, Command Update, Update | 2023-12-10 | N/A | 5.5 MEDIUM |
| Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. | |||||
| CVE-2023-23698 | 1 Dell | 2 Alienware Update, Command Update | 2023-12-10 | N/A | 7.1 HIGH |
| Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. | |||||
| CVE-2022-34384 | 1 Dell | 5 Alienware Update, Command Update, Supportassist For Business Pcs and 2 more | 2023-12-10 | N/A | 7.8 HIGH |
| Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. | |||||
| CVE-2022-34382 | 1 Dell | 3 Alienware Update, Command Update, Update | 2023-12-10 | N/A | 7.8 HIGH |
| Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. | |||||
| CVE-2022-24426 | 1 Dell | 3 Alienware Update, Command Update, Update | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. | |||||
| CVE-2019-3749 | 1 Dell | 1 Command Update | 2023-12-10 | 3.6 LOW | 5.5 MEDIUM |
| Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. | |||||
| CVE-2019-3750 | 1 Dell | 1 Command Update | 2023-12-10 | 3.6 LOW | 5.5 MEDIUM |
| Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly. | |||||