Total
186 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6384 | 1 Nsclient | 1 Nsclient\+\+ | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder. | |||||
CVE-2018-6321 | 1 Pandasecurity | 1 Panda Global Protection | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact. | |||||
CVE-2018-2406 | 1 Sap | 1 Crystal Reports Server | 2024-02-28 | 4.6 MEDIUM | 5.3 MEDIUM |
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. | |||||
CVE-2018-10619 | 1 Rockwellautomation | 2 Factorytalk Linx Gateway, Rslinx Classic | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation. | |||||
CVE-2018-3688 | 1 Intel | 1 Quartus Prime Programmer And Tools | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code. | |||||
CVE-2018-3683 | 1 Intel | 1 Quartus Prime | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code. | |||||
CVE-2018-6016 | 1 10-strike | 1 Network Monitor | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact. | |||||
CVE-2017-1000475 | 1 Freesshd | 1 Freesshd | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges. | |||||
CVE-2017-11672 | 1 Opcfoundation | 1 Local Discovery Server | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges. | |||||
CVE-2018-4873 | 1 Adobe | 1 Creative Cloud | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. | |||||
CVE-2017-7180 | 1 Eduiq | 1 Net Monitor For Employees | 2024-02-28 | 6.9 MEDIUM | 7.3 HIGH |
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application. | |||||
CVE-2017-14030 | 1 Moxa | 1 Mxview | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. | |||||
CVE-2017-3757 | 1 Emc | 1 Elan Touchpad Driver | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges. | |||||
CVE-2017-9644 | 2 Automatedlogic, Carrier | 3 I-vu, Sitescan Web, Automatedlogic Webctrl | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. | |||||
CVE-2017-14019 | 1 Progea | 1 Movicon | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges. | |||||
CVE-2017-3751 | 1 Lenovo | 1 Thinkpad Compact Usb Keyboard Driver | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges. | |||||
CVE-2017-15383 | 1 Nero | 1 Nero | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory. | |||||
CVE-2017-12730 | 1 Myscada | 1 Mypro | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. | |||||
CVE-2017-9247 | 1 Sierrawireless | 3 Sierra Wireless Em7345 Software, Sierra Wireless Em7455 Software, Sierra Wireless Location Sensor Driver | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. | |||||
CVE-2017-3005 | 2 Adobe, Microsoft | 2 Photoshop Cc, Windows | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability. |