Total
179 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7201 | 1 Qnap | 1 Netbak Replicator | 2023-03-01 | 7.2 HIGH | 7.8 HIGH |
| An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108. | |||||
| CVE-2020-7581 | 1 Siemens | 11 Opcenter Execution Discrete, Opcenter Execution Foundation, Opcenter Execution Process and 8 more | 2023-01-30 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges. | |||||
| CVE-2020-15261 | 2 Microsoft, Veyon | 2 Windows, Veyon | 2022-10-18 | 7.2 HIGH | 6.7 MEDIUM |
| On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users. | |||||
| CVE-2022-33920 | 1 Dell | 1 Geodrive | 2022-10-14 | N/A | 7.8 HIGH |
| Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | |||||
| CVE-2022-39959 | 2 Microsoft, Panini | 2 Windows, Everest Engine | 2022-10-11 | N/A | 7.8 HIGH |
| Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file. | |||||
| CVE-2022-35899 | 2 Asus, Microsoft | 2 Aura Ready Game Software Development Kit, Windows | 2022-10-06 | N/A | 7.8 HIGH |
| There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. | |||||
| CVE-2021-43456 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2022-10-05 | 4.6 MEDIUM | 7.8 HIGH |
| An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path. | |||||
| CVE-2022-35292 | 1 Sap | 1 Business One | 2022-10-01 | N/A | 7.8 HIGH |
| In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability. | |||||
| CVE-2022-1697 | 1 Okta | 1 Active Directory Agent | 2022-09-16 | N/A | 3.9 LOW |
| Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation. | |||||
| CVE-2022-36344 | 1 Justsystems | 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more | 2022-08-23 | N/A | 9.8 CRITICAL |
| An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. | |||||
| CVE-2016-15003 | 2 Filezilla-project, Microsoft | 2 Filezilla Client, Windows | 2022-07-25 | N/A | 7.8 HIGH |
| A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-31591 | 1 Sap | 1 Businessobjects Bw Publisher Service | 2022-07-16 | 4.6 MEDIUM | 7.8 HIGH |
| SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service | |||||
| CVE-2022-2147 | 1 Cloudflare | 1 Warp | 2022-07-01 | 4.6 MEDIUM | 7.8 HIGH |
| Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0. | |||||
| CVE-2022-0883 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2022-06-01 | 4.6 MEDIUM | 7.8 HIGH |
| SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched. | |||||
| CVE-2022-26634 | 1 Hidemyass | 1 Hidemyass | 2022-06-01 | 7.2 HIGH | 7.8 HIGH |
| HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-27094 | 1 Sony | 1 Playmemories Home | 2022-05-26 | 7.2 HIGH | 6.7 MEDIUM |
| Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-27095 | 1 Battleye | 1 Battleye | 2022-05-26 | 7.2 HIGH | 7.8 HIGH |
| BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-29320 | 1 Minitool | 1 Partition Wizard | 2022-05-26 | 7.2 HIGH | 7.8 HIGH |
| MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-27905 | 1 Controlup | 1 Controlup | 2022-05-09 | 9.0 HIGH | 7.2 HIGH |
| In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. | |||||
| CVE-2018-14789 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2022-04-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. | |||||