5 matches found
CVE-2023-39254
Dell Update Package (DUP) suffers an Uncontrolled Search Path vulnerability in versions prior to 4.9.10. A local attacker could potentially exploit this to execute arbitrary code with admin privileges. Affected product/component: Dell Update Package (DUP) framework. Root cause: uncontrolled searc...
CVE-2019-3726
CVE-2019-3726 describes an Uncontrolled Search Path vulnerability in the Dell Update Package (DUP) Framework. Affected are: DUP Framework file versions before 19.1.0.413 and 103.4.6.69 (Dell EMC Servers) and DUP Framework file versions before 3.8.3.67 (Dell Client Platforms). The flaw is limited ...
CVE-2025-22395
Dell Update Package Framework (DUPF) vulnerabilities affect versions prior to 22.01.02, with a Local Privilege Escalation that could allow a local, low-privilege attacker to execute arbitrary remote scripts on the server and potentially cause a denial of service. Root cause is local privilege esc...
CVE-2023-32454
Dell DUP Framework ≤ 4.9.4.36 is affected by an insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit this to create arbitrary files, potentially causing denial of service. Affected product: Dell Update Package Framework. Root cause: insec...
CVE-2026-23857
Dell Update Package (DUP) Framework versions 23.12.00–24.12.00 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability that could allow a low-privileged, local attacker to achieve Elevation of Privilege. The CVE entry notes a high impact on confidentiality, integrity,...