Total
182 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-34010 | 2024-04-30 | N/A | 8.2 HIGH | ||
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. | |||||
CVE-2024-4031 | 2024-04-23 | N/A | 4.4 MEDIUM | ||
Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code. | |||||
CVE-2024-22437 | 2024-04-15 | N/A | 7.3 HIGH | ||
A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system. | |||||
CVE-2023-38408 | 2 Fedoraproject, Openbsd | 2 Fedora, Openssh | 2024-04-04 | N/A | 9.8 CRITICAL |
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | |||||
CVE-2024-1618 | 2024-03-12 | N/A | 7.8 HIGH | ||
A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory. Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running. | |||||
CVE-2024-25552 | 2024-03-01 | N/A | 7.8 HIGH | ||
A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product. | |||||
CVE-2023-7043 | 1 Eset | 6 Endpoint Antivirus, Endpoint Security, Internet Security and 3 more | 2024-02-28 | N/A | 5.5 MEDIUM |
Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions. | |||||
CVE-2020-24682 | 2 Br-automation, Microsoft | 3 Automation Net\/pvi, Automation Studio, Windows | 2024-02-28 | N/A | 7.8 HIGH |
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. | |||||
CVE-2023-25075 | 1 Intel | 1 Server Configuration Utility | 2024-02-28 | N/A | 7.8 HIGH |
Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-6631 | 1 Subnet | 1 Powersystem Center | 2024-02-28 | N/A | 7.8 HIGH |
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | |||||
CVE-2023-32658 | 1 Intel | 11 Hdmi Firmware, Nuc 7 Business Nuc7i3dnhnc, Nuc 7 Business Nuc7i3dnktc and 8 more | 2024-02-28 | N/A | 7.3 HIGH |
Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-1201 | 1 Panterasoft | 1 Hdd Health | 2024-02-28 | N/A | 7.8 HIGH |
Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation. | |||||
CVE-2023-42486 | 1 Fortect | 1 Fortect | 2024-02-28 | N/A | 7.8 HIGH |
Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges. | |||||
CVE-2023-2685 | 1 Abb | 1 Ao-opc | 2024-02-28 | N/A | 6.3 MEDIUM |
A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 | |||||
CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2024-02-28 | N/A | 7.8 HIGH |
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | |||||
CVE-2023-36658 | 1 Opswat | 2 Media Validation Agent, Metadefender Kiosk | 2024-02-28 | N/A | 7.8 HIGH |
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. | |||||
CVE-2023-26911 | 1 Asus | 2 Armoury Crate, Setupasusservices | 2024-02-28 | N/A | 7.8 HIGH |
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | |||||
CVE-2021-26735 | 1 Zscaler | 1 Client Connector | 2024-02-28 | N/A | 7.8 HIGH |
The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. | |||||
CVE-2023-27298 | 1 Intel | 1 Wake Up Latency Tracer | 2024-02-28 | N/A | 8.8 HIGH |
Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
CVE-2022-38101 | 1 Intel | 3 Iflashv, Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access. |