Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Supportassist_for_home_pcs
(Dell)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 21 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-02-11 | CVE-2022-34392 | SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information. | Supportassist_for_home_pcs | 5.5 | ||
2019-06-20 | CVE-2019-3735 | Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine. | Supportassist_for_business_pcs, Supportassist_for_home_pcs | 7.8 | ||
2022-06-10 | CVE-2022-29092 | Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. | Supportassist_for_business_pcs, Supportassist_for_home_pcs | 7.8 | ||
2022-06-10 | CVE-2022-29093 | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. | Supportassist_for_business_pcs, Supportassist_for_home_pcs | 7.1 | ||
2022-06-10 | CVE-2022-29094 | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. | Supportassist_for_business_pcs, Supportassist_for_home_pcs | 7.1 | ||
2022-06-10 | CVE-2022-29095 | Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. | Supportassist_for_business_pcs, Supportassist_for_home_pcs | 9.6 | ||
2021-09-28 | CVE-2021-36297 | SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's, | Supportassist_for_home_pcs | 7.8 | ||
2021-07-22 | CVE-2020-5316 | Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the... | Supportassist_for_business_pcs, Supportassist_for_home_pcs | 7.8 | ||
2021-03-12 | CVE-2021-21518 | Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. | Supportassist_client_promanage, Supportassist_for_business_pcs, Supportassist_for_home_pcs | 7.8 | ||
2019-06-25 | CVE-2019-12280 | PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. | Supportassist_for_business_pcs, Supportassist_for_home_pcs, Toolbox | 7.8 |