Total
186 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3438 | 1 Trellix | 1 Move | 2024-02-28 | N/A | 7.8 HIGH |
An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services. | |||||
CVE-2023-31747 | 1 Wondershare | 1 Filmora | 2024-02-28 | N/A | 7.8 HIGH |
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. | |||||
CVE-2023-22282 | 2 Elecom, Microsoft | 2 Wab-mat, Windows | 2024-02-28 | N/A | 7.3 HIGH |
WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. | |||||
CVE-2022-0357 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2024-02-28 | N/A | 7.8 HIGH |
Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. | |||||
CVE-2023-27386 | 1 Intel | 1 Pathfinder For Risc-v | 2024-02-28 | N/A | 7.3 HIGH |
Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-34848 | 1 Intel | 1 Nuc Pro Software Suite | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-43474 | 1 Intel | 2 Dsp Builder, Quartus Prime | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-2331 | 1 42gears | 1 Surelock | 2024-02-28 | N/A | 7.8 HIGH |
Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0. | |||||
CVE-2022-41693 | 1 Intel | 1 Quartus Prime | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-4429 | 1 Avira | 1 Avira Security | 2024-02-28 | N/A | 4.4 MEDIUM |
Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78 | |||||
CVE-2022-4258 | 2 Hima, Microsoft | 5 Hopcs, X-opc A\+e, X-opc Da and 2 more | 2024-02-28 | N/A | 7.8 HIGH |
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system. | |||||
CVE-2022-37197 | 1 Iobit | 1 Iotransfer | 2024-02-28 | N/A | 7.8 HIGH |
IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. | |||||
CVE-2023-24671 | 2 Microsoft, Vxsearch | 2 Windows, Vx Search | 2024-02-28 | N/A | 7.8 HIGH |
VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file. | |||||
CVE-2019-19705 | 1 Lenovo | 272 Aio300-23isu, Aio300-23isu Firmware, Aio310-20iap and 269 more | 2024-02-28 | N/A | 7.8 HIGH |
Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. | |||||
CVE-2022-46662 | 1 Corel | 1 Roxio Creator Ljb | 2024-02-28 | N/A | 6.7 MEDIUM |
Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A) | |||||
CVE-2022-44264 | 1 Dentsplysirona | 1 Sidexis | 2024-02-28 | N/A | 7.8 HIGH |
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path. | |||||
CVE-2022-31591 | 1 Sap | 1 Businessobjects Bw Publisher Service | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service | |||||
CVE-2022-36344 | 1 Justsystems | 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more | 2024-02-28 | N/A | 9.8 CRITICAL |
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. | |||||
CVE-2022-35292 | 1 Sap | 1 Business One | 2024-02-28 | N/A | 7.8 HIGH |
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability. | |||||
CVE-2016-15003 | 2 Filezilla-project, Microsoft | 2 Filezilla Client, Windows | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |