Total
179 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27298 | 1 Intel | 1 Wake Up Latency Tracer | 2023-11-07 | N/A | 8.8 HIGH |
| Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-24671 | 2 Microsoft, Vxsearch | 2 Windows, Vx Search | 2023-11-07 | N/A | 7.8 HIGH |
| VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file. | |||||
| CVE-2022-4258 | 2 Hima, Microsoft | 5 Hopcs, X-opc A\+e, X-opc Da and 2 more | 2023-11-07 | N/A | 7.8 HIGH |
| In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system. | |||||
| CVE-2022-4429 | 1 Avira | 1 Avira Security | 2023-11-07 | N/A | 4.4 MEDIUM |
| Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78 | |||||
| CVE-2022-43474 | 1 Intel | 2 Dsp Builder, Quartus Prime | 2023-11-07 | N/A | 7.8 HIGH |
| Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41693 | 1 Intel | 1 Quartus Prime | 2023-11-07 | N/A | 7.8 HIGH |
| Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-38101 | 1 Intel | 3 Iflashv, Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb | 2023-11-07 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-34848 | 1 Intel | 1 Nuc Pro Software Suite | 2023-11-07 | N/A | 7.8 HIGH |
| Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-23879 | 1 Mcafee | 1 Endpoint Product Removal Tool | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location. | |||||
| CVE-2020-7316 | 1 Mcafee | 1 File And Removable Media Protection | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered. | |||||
| CVE-2020-7275 | 1 Mcafee | 1 Endpoint Security | 2023-11-07 | 4.6 MEDIUM | 5.3 MEDIUM |
| Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file. | |||||
| CVE-2020-7252 | 2 Mcafee, Microsoft | 2 Data Exchange Layer, Windows | 2023-11-07 | 1.9 LOW | 5.5 MEDIUM |
| Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | |||||
| CVE-2021-26735 | 1 Zscaler | 1 Client Connector | 2023-10-27 | N/A | 7.8 HIGH |
| The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. | |||||
| CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2023-10-24 | N/A | 7.8 HIGH |
| An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | |||||
| CVE-2023-26911 | 1 Asus | 2 Armoury Crate, Setupasusservices | 2023-08-04 | N/A | 7.8 HIGH |
| ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | |||||
| CVE-2023-2685 | 1 Abb | 1 Ao-opc | 2023-08-04 | N/A | 6.3 MEDIUM |
| A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 | |||||
| CVE-2023-3438 | 1 Trellix | 1 Move | 2023-07-14 | N/A | 7.8 HIGH |
| An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services. | |||||
| CVE-2022-0357 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2023-05-31 | N/A | 7.8 HIGH |
| Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. | |||||
| CVE-2023-2331 | 1 42gears | 1 Surelock | 2023-05-08 | N/A | 7.8 HIGH |
| Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0. | |||||
| CVE-2020-7580 | 1 Siemens | 17 Simatic Automatic Tool, Simatic Net Pc, Simatic Pcs 7 and 14 more | 2023-04-28 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges. | |||||