Total
190 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26911 | 1 Asus | 2 Armoury Crate, Setupasusservices | 2024-11-21 | N/A | 7.8 HIGH |
| ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | |||||
| CVE-2023-25075 | 1 Intel | 1 Server Configuration Utility | 2024-11-21 | N/A | 6.7 MEDIUM |
| Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-24671 | 2 Microsoft, Vxsearch | 2 Windows, Vx Search | 2024-11-21 | N/A | 7.8 HIGH |
| VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file. | |||||
| CVE-2023-0887 | 1 Tftpd64 Project | 1 Tftpd64 | 2024-11-21 | 6.0 MEDIUM | 7.0 HIGH |
| A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351. | |||||
| CVE-2023-0392 | 1 Okta | 1 Ldap Agent | 2024-11-21 | N/A | 6.7 MEDIUM |
| The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. | |||||
| CVE-2022-4429 | 1 Avira | 1 Avira Security | 2024-11-21 | N/A | 5.3 MEDIUM |
| Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78 | |||||
| CVE-2022-4258 | 2 Hima, Microsoft | 5 Hopcs, X-opc A\+e, X-opc Da and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system. | |||||
| CVE-2022-43474 | 1 Intel | 2 Dsp Builder, Quartus Prime | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41693 | 1 Intel | 1 Quartus Prime | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-39959 | 2 Microsoft, Panini | 2 Windows, Everest Engine | 2024-11-21 | N/A | 7.8 HIGH |
| Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file. | |||||
| CVE-2022-38101 | 1 Intel | 3 Iflashv, Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36344 | 1 Justsystems | 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. | |||||
| CVE-2022-35899 | 2 Asus, Microsoft | 2 Aura Ready Game Software Development Kit, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. | |||||
| CVE-2022-35292 | 1 Sap | 1 Business One | 2024-11-21 | N/A | 7.8 HIGH |
| In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability. | |||||
| CVE-2022-34848 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33920 | 1 Dell | 1 Geodrive | 2024-11-21 | N/A | 7.8 HIGH |
| Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | |||||
| CVE-2022-31591 | 1 Sap | 1 Businessobjects Bw Publisher Service | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service | |||||
| CVE-2022-2147 | 1 Cloudflare | 1 Warp | 2024-11-21 | 4.6 MEDIUM | 6.5 MEDIUM |
| Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0. | |||||
| CVE-2022-29320 | 1 Minitool | 1 Partition Wizard | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-27966 | 2 Microsoft, Netsarang | 2 Windows, Xshell | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
| Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||