Vulnerabilities (CVE)

Filtered by CWE-428
Total 186 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3438 1 Trellix 1 Move 2024-02-28 N/A 7.8 HIGH
An unquoted Windows search path vulnerability existed in the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.
CVE-2023-31747 1 Wondershare 1 Filmora 2024-02-28 N/A 7.8 HIGH
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
CVE-2023-22282 2 Elecom, Microsoft 2 Wab-mat, Windows 2024-02-28 N/A 7.3 HIGH
WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.
CVE-2022-0357 1 Bitdefender 3 Antivirus Plus, Internet Security, Total Security 2024-02-28 N/A 7.8 HIGH
Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45.
CVE-2023-27386 1 Intel 1 Pathfinder For Risc-v 2024-02-28 N/A 7.3 HIGH
Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-34848 1 Intel 1 Nuc Pro Software Suite 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-43474 1 Intel 2 Dsp Builder, Quartus Prime 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-2331 1 42gears 1 Surelock 2024-02-28 N/A 7.8 HIGH
Unquoted Service Path or Element vulnerability in the 42Gears SureLock Windows SureLock Service (NixService.Exe) on Windows allows arbitrary code to be inserted into the service. This issue affects SureLock Windows: from 2.3.12 through 2.40.0.
CVE-2022-41693 1 Intel 1 Quartus Prime 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-4429 1 Avira 1 Avira Security 2024-02-28 N/A 4.4 MEDIUM
Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78.
CVE-2022-4258 2 Hima, Microsoft 5 Hopcs, X-opc A+e, X-opc Da and 2 more 2024-02-28 N/A 7.8 HIGH
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
CVE-2022-37197 1 Iobit 1 Iotransfer 2024-02-28 N/A 7.8 HIGH
IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.
CVE-2023-24671 2 Microsoft, Vxsearch 2 Windows, Vx Search 2024-02-28 N/A 7.8 HIGH
VX Search v13.8 and v14.7 were discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands with elevated privileges via a crafted executable file.
CVE-2019-19705 1 Lenovo 272 Aio300-23isu, Aio300-23isu Firmware, Aio310-20iap and 269 more 2024-02-28 N/A 7.8 HIGH
Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.
CVE-2022-46662 1 Corel 1 Roxio Creator Ljb 2024-02-28 N/A 6.7 MEDIUM
Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A.
CVE-2022-44264 1 Dentsplysirona 1 Sidexis 2024-02-28 N/A 7.8 HIGH
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path.
CVE-2022-31591 1 Sap 1 Businessobjects Bw Publisher Service 2024-02-28 4.6 MEDIUM 7.8 HIGH
SAP BusinessObjects BW Publisher Service, versions 420 and 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.
CVE-2022-36344 1 Justsystems 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more 2024-02-28 N/A 9.8 CRITICAL
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
CVE-2022-35292 1 Sap 1 Business One 2024-02-28 N/A 7.8 HIGH
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.
CVE-2016-15003 2 Filezilla-project, Microsoft 2 Filezilla Client, Windows 2024-02-28 N/A 7.8 HIGH
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.