Vulnerabilities (CVE)

Filtered by CWE-428
Total 186 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7275 1 Mcafee 1 Endpoint Security 2024-11-21 4.6 MEDIUM 4.8 MEDIUM
Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file.
CVE-2020-7252 2 Mcafee, Microsoft 2 Data Exchange Layer, Windows 2024-11-21 1.9 LOW 4.2 MEDIUM
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
CVE-2020-5569 1 Toshiba 19 Hd-ma10ts, Hd-ma10ty, Hd-ma20ts and 16 more 2024-11-21 4.6 MEDIUM 8.4 HIGH
An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.
CVE-2020-5147 1 Sonicwall 1 Netextender 2024-11-21 4.6 MEDIUM 5.3 MEDIUM
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.
CVE-2020-35152 1 Cloudflare 1 Warp 2024-11-21 4.6 MEDIUM 4.5 MEDIUM
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.
CVE-2020-28209 2 Microsoft, Schneider-electric 2 Windows, Enterprise Server Installer 2024-11-21 4.4 MEDIUM 7.0 HIGH
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location.
CVE-2020-27645 1 1e 1 Client 2024-11-21 6.5 MEDIUM 8.8 HIGH
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.
CVE-2020-27644 1 1e 1 Client 2024-11-21 6.5 MEDIUM 8.8 HIGH
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.
CVE-2020-22809 1 Windscribe 1 Windscribe 2024-11-21 4.6 MEDIUM 7.8 HIGH
In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation.
CVE-2020-1988 1 Paloaltonetworks 1 Globalprotect 2024-11-21 7.2 HIGH 4.2 MEDIUM
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;
CVE-2020-15261 2 Microsoft, Veyon 2 Windows, Veyon 2024-11-21 7.2 HIGH 8.0 HIGH
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
CVE-2020-11632 1 Zscaler 1 Client Connector 2024-11-21 7.2 HIGH 7.8 HIGH
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.
CVE-2020-10051 1 Siemens 1 Simatic Rtls Locating Manager 2024-11-21 7.2 HIGH 7.8 HIGH
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service.
CVE-2020-0546 2 Intel, Microsoft 2 Optane Dc Persistent Memory Module Management, Windows Server 2019 2024-11-21 4.6 MEDIUM 7.8 HIGH
Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.
CVE-2020-0507 1 Intel 1 Graphics Driver 2024-11-21 2.1 LOW 4.4 MEDIUM
Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2019-8459 1 Checkpoint 6 Capsule Docs Standalone Client, Endpoint Security Clients, Endpoint Security Server Package and 3 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.
CVE-2019-7590 1 Johnsoncontrols 1 Exacqvision Server 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.
CVE-2019-7487 2 Microsoft, Sonicwall 3 Windows, Sonicos, Sonicos Sslvpn Nacagent 2024-11-21 4.6 MEDIUM 7.8 HIGH
Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution.
CVE-2019-7201 1 Qnap 1 Netbak Replicator 2024-11-21 7.2 HIGH 7.8 HIGH
An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108.
CVE-2019-6149 1 Lenovo 2 Dynamic Power Reduction, Thinkpad X1 Carbon 2024-11-21 7.2 HIGH 6.7 MEDIUM
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.