Total
190 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27965 | 2 Microsoft, Netsarang | 2 Windows, Xlpd | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
| Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
| CVE-2022-27964 | 2 Microsoft, Netsarang | 2 Windows, Xmanager | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
| Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
| CVE-2022-27963 | 2 Microsoft, Netsarang | 2 Windows, Xftp | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
| Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
| CVE-2022-27905 | 1 Controlup | 1 Controlup | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. | |||||
| CVE-2022-27095 | 1 Battleye | 1 Battleye | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-27094 | 1 Sony | 1 Playmemories Home | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-27089 | 1 Fujitsu | 1 Plugfree Network | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. | |||||
| CVE-2022-27088 | 1 Ivanti | 1 Dsm Remote | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. | |||||
| CVE-2022-27052 | 1 Freesshd | 1 Freeftpd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | |||||
| CVE-2022-27050 | 2 Bitcomet, Microsoft | 2 Bitcomet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-26634 | 1 Hma | 1 Hidemyass | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-25031 | 1 Rdpsoft | 1 Remote Desktop Commander Suite Agent | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-23909 | 2 Gimmal, Microsoft | 2 Sherpa Connector Service, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file. | |||||
| CVE-2022-1697 | 1 Okta | 1 Active Directory Agent | 2024-11-21 | N/A | 3.9 LOW |
| Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation. | |||||
| CVE-2022-0883 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
| SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched. | |||||
| CVE-2022-0357 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2024-11-21 | N/A | 6.7 MEDIUM |
| Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. | |||||
| CVE-2022-0237 | 1 Rapid7 | 1 Insight Agent | 2024-11-21 | 7.2 HIGH | 4.0 MEDIUM |
| Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80. | |||||
| CVE-2021-46368 | 1 Trigonesoft | 1 Remote System Monitor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges. | |||||
| CVE-2021-45819 | 1 Wordline | 1 Hidccemonitorsvc | 2024-11-21 | 7.2 HIGH | 6.4 MEDIUM |
| Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2021-45460 | 1 Siemens | 2 Sicam Pq Analyzer, Sicam Pq Analyzer Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service. | |||||