Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7487 | 2 Microsoft, Sonicwall | 3 Windows, Sonicos, Sonicos Sslvpn Nacagent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution.
|
|||||
| CVE-2019-7201 | 1 Qnap | 1 Netbak Replicator | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak Replicator 4.5.12.1108.
|
|||||
| CVE-2019-6149 | 1 Lenovo | 2 Dynamic Power Reduction, Thinkpad X1 Carbon | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
|
|||||
| CVE-2019-6145 | 1 Forcepoint | 1 Vpn Client | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us.
|
|||||
| CVE-2019-6008 | 1 Yokogawa | 8 Exaopc, Exaplog, Exaquantum and 5 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
|
|||||
| CVE-2019-20362 | 2 Microsoft, Teradici | 4 Windows, Pcoip Client, Pcoip Graphics Agent and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file.
|
|||||
| CVE-2019-20357 | 2 Microsoft, Trendmicro | 9 Windows, Antivirus \+ Security 2019, Antivirus \+ Security 2020 and 6 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
|
|||||
| CVE-2019-18915 | 1 Hp | 1 System Event Utility | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.
|
|||||
| CVE-2019-18245 | 1 Reliablecontrols | 1 Rc-licensemanager | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application.
|
|||||
| CVE-2019-17658 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
|
|||||
| CVE-2019-16647 | 2 Maxthon, Microsoft | 2 Maxthon Browser, Windows | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
|
|||||
| CVE-2019-14685 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
|
|||||
| CVE-2019-11093 | 1 Intel | 1 Scs Discovery Utility | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2018-6384 | 1 Nsclient | 1 Nsclient\+\+ | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.
|
|||||
| CVE-2018-6321 | 1 Pandasecurity | 1 Panda Global Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
|
|||||
| CVE-2018-6016 | 1 10-strike | 1 Network Monitor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.
|
|||||
| CVE-2018-5470 | 1 Philips | 1 Intellispace Portal | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
|
|||||
| CVE-2018-4873 | 1 Adobe | 1 Creative Cloud | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.
|
|||||
| CVE-2018-3688 | 1 Intel | 1 Quartus Prime Programmer And Tools | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
|
|||||
| CVE-2018-3687 | 1 Intel | 1 Quartus Ii Programmer And Tools | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
|
|||||
| CVE-2018-3684 | 1 Intel | 1 Quartus Ii | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
|
|||||
| CVE-2018-3683 | 1 Intel | 1 Quartus Prime | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
|
|||||
| CVE-2018-3668 | 1 Intel | 1 Processor Diagnostic Tool | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code.
|
|||||
| CVE-2018-2406 | 1 Sap | 1 Crystal Reports Server | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
|
|||||
| CVE-2018-20341 | 1 Winmagic | 1 Securedoc Disk Encryption | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enclosed in quote tags "" then the system will know where to find it. However if the path of where the application binary is located doesn't contain any quotes then Windows will try to find it and execute it inside every folder of this path until they reach the executable.
|
|||||
| CVE-2018-16183 | 2 Microsoft, Panasonic | 6 Windows 10, Windows 7, Windows 8 and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
|
|||||
| CVE-2018-16098 | 2 Lenovo, Microsoft | 120 Synaptics Thinkpad Ultranav Driver, Thiankpad L430, Thiankpad L430 Firmware and 117 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
|
|||||
| CVE-2018-14789 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.
|
|||||
| CVE-2018-11063 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.
|
|||||
| CVE-2018-10619 | 1 Rockwellautomation | 2 Factorytalk Linx Gateway, Rslinx Classic | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.
|
|||||
| CVE-2017-6015 | 1 Rockwellautomation | 1 Factorytalk Activation | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version ...
Show More |
|||||
| CVE-2017-3141 | 1 Isc | 1 Bind | 2024-11-21 | 7.2 HIGH | 7.2 HIGH |
|
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.
|
|||||
| CVE-2017-14030 | 1 Moxa | 1 Mxview | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
|
|||||
| CVE-2017-11672 | 1 Opcfoundation | 1 Local Discovery Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
|
|||||
| CVE-2017-1000475 | 1 Freesshd | 1 Freesshd | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.
|
|||||
| CVE-2016-15003 | 2 Filezilla-project, Microsoft | 2 Filezilla Client, Windows | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2012-0945 | 1 Whoopsie-daisy Project | 1 Whoopsie-daisy | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
|
whoopsie-daisy before 0.1.26: Root user can remove arbitrary files
|
|||||
| CVE-2024-9325 | 1 Intelbras | 1 Incontrol Web | 2024-11-04 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about t ...
Show More |
|||||
| CVE-2024-8996 | 2 Grafana, Microsoft | 2 Agent, Windows | 2024-10-01 | N/A | 7.8 HIGH |
|
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM
This issue affects Agent Flow: before 0.43.2
|
|||||
| CVE-2022-27592 | 1 Qnap | 1 Qvr Smart Client | 2024-09-24 | N/A | 6.7 MEDIUM |
|
An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.
We have already fixed the vulnerability in the following version:
Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later
|
|||||