Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44264 | 1 Dentsplysirona | 1 Sidexis | 2025-03-31 | N/A | 7.8 HIGH |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path. | |||||
| CVE-2023-22282 | 2 Elecom, Microsoft | 2 Wab-mat, Windows | 2025-02-11 | N/A | 7.3 HIGH |
| WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. | |||||
| CVE-2025-21107 | 3 Dell, Linux, Microsoft | 3 Networker, Linux Kernel, Windows | 2025-02-07 | N/A | 7.8 HIGH |
| Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||||
| CVE-2022-36384 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2025-02-04 | N/A | 6.7 MEDIUM |
| Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-31747 | 1 Wondershare | 1 Filmora | 2025-01-21 | N/A | 7.8 HIGH |
| Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. | |||||
| CVE-2024-8975 | 2 Grafana, Microsoft | 2 Alloy, Windows | 2024-12-26 | N/A | 7.3 HIGH |
| Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1. | |||||
| CVE-2024-6080 | 1 Intelbras | 1 Incontrol | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks. | |||||
| CVE-2024-5402 | 1 Abb | 1 Mint Workbench | 2024-11-21 | N/A | 7.8 HIGH |
| Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868. | |||||
| CVE-2024-2747 | 1 Schneider-electric | 1 Easergy Studio | 2024-11-21 | N/A | 7.8 HIGH |
| CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine. | |||||
| CVE-2024-1201 | 1 Panterasoft | 1 Hdd Health | 2024-11-21 | N/A | 7.8 HIGH |
| Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation. | |||||
| CVE-2023-7043 | 1 Eset | 6 Endpoint Antivirus, Endpoint Security, Internet Security and 3 more | 2024-11-21 | N/A | 3.3 LOW |
| Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions. | |||||
| CVE-2023-6631 | 1 Subnet | 1 Powersystem Center | 2024-11-21 | N/A | 7.8 HIGH |
| PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | |||||
| CVE-2023-5012 | 1 Topazevolution | 1 Ofd | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. Upgrading to version 2.12.0.259 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-239853 was assigned to this vulnerability. | |||||
| CVE-2023-4991 | 1 Quescom | 1 Nextbx Qwalerter | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-42486 | 1 Fortect | 1 Fortect | 2024-11-21 | N/A | 6.3 MEDIUM |
| Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges. | |||||
| CVE-2023-3842 | 1 Pointware | 1 Easyinventory | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical. This issue affects some unknown processing of the file C:\Program Files (x86)\EasyInventory\Easy2W.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-235193 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3438 | 1 Trellix | 1 Move | 2024-11-21 | N/A | 4.4 MEDIUM |
| An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services. | |||||
| CVE-2023-38408 | 2 Fedoraproject, Openbsd | 2 Fedora, Openssh | 2024-11-21 | N/A | 9.8 CRITICAL |
| The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | |||||
| CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2024-11-21 | N/A | 7.8 HIGH |
| An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | |||||
| CVE-2023-36658 | 1 Opswat | 2 Media Validation Agent, Metadefender Kiosk | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. | |||||