Vulnerabilities > Dell > Supportassist FOR Home PCS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-11 | CVE-2022-34389 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. | 5.3 |
| 2023-02-11 | CVE-2022-34392 | Insufficient Session Expiration vulnerability in Dell Supportassist for Home PCS SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. | 5.5 |
| 2023-02-10 | CVE-2022-34366 | Incorrect Comparison vulnerability in Dell Supportassist for Home PCS Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. | 6.5 |
| 2022-06-10 | CVE-2022-29092 | Uncontrolled Search Path Element vulnerability in Dell products Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. | 7.8 |
| 2022-06-10 | CVE-2022-29093 | Path Traversal vulnerability in Dell products Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. | 7.1 |
| 2022-06-10 | CVE-2022-29094 | Path Traversal vulnerability in Dell products Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. | 7.1 |
| 2022-06-10 | CVE-2022-29095 | Cross-site Scripting vulnerability in Dell products Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. | 9.6 |
| 2021-09-28 | CVE-2021-36297 | Untrusted Search Path vulnerability in Dell Supportassist for Home PCS SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's, | 7.8 |
| 2021-07-22 | CVE-2020-5316 | Uncontrolled Search Path Element vulnerability in Dell products Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. | 7.8 |
| 2021-03-12 | CVE-2021-21518 | Uncontrolled Search Path Element vulnerability in Dell products Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. | 7.8 |