Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35899 | 2 Asus, Microsoft | 2 Aura Ready Game Software Development Kit, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
|
|||||
| CVE-2022-35292 | 1 Sap | 1 Business One | 2024-11-21 | N/A | 7.8 HIGH |
|
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.
|
|||||
| CVE-2022-34848 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-33920 | 1 Dell | 1 Geodrive | 2024-11-21 | N/A | 7.8 HIGH |
|
Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.
|
|||||
| CVE-2022-31591 | 1 Sap | 1 Businessobjects Bw Publisher Service | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service
|
|||||
| CVE-2022-31590 | 1 Sap | 1 Powerdesigner Proxy | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.
|
|||||
| CVE-2022-2147 | 1 Cloudflare | 1 Warp | 2024-11-21 | 4.6 MEDIUM | 6.5 MEDIUM |
|
Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.
|
|||||
| CVE-2022-29320 | 1 Minitool | 1 Partition Wizard | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
|
|||||
| CVE-2022-27966 | 2 Microsoft, Netsarang | 2 Windows, Xshell | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
|
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
|
|||||
| CVE-2022-27965 | 2 Microsoft, Netsarang | 2 Windows, Xlpd | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
|
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
|
|||||
| CVE-2022-27964 | 2 Microsoft, Netsarang | 2 Windows, Xmanager | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
|
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
|
|||||
| CVE-2022-27963 | 2 Microsoft, Netsarang | 2 Windows, Xftp | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
|
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
|
|||||
| CVE-2022-27905 | 1 Controlup | 1 Controlup | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
|
|||||
| CVE-2022-27095 | 1 Battleye | 1 Battleye | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
|
|||||
| CVE-2022-27094 | 1 Sony | 1 Playmemories Home | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
|
|||||
| CVE-2022-27089 | 1 Fujitsu | 1 Plugfree Network | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.
|
|||||
| CVE-2022-27088 | 1 Ivanti | 1 Dsm Remote | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.
|
|||||
| CVE-2022-27052 | 1 Freesshd | 1 Freeftpd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
|
|||||
| CVE-2022-27050 | 2 Bitcomet, Microsoft | 2 Bitcomet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.
|
|||||
| CVE-2022-26634 | 1 Hma | 1 Hidemyass | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
|
|||||
| CVE-2022-25031 | 1 Rdpsoft | 1 Remote Desktop Commander Suite Agent | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.
|
|||||
| CVE-2022-23909 | 2 Gimmal, Microsoft | 2 Sherpa Connector Service, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
|
|||||
| CVE-2022-1697 | 1 Okta | 1 Active Directory Agent | 2024-11-21 | N/A | 3.9 LOW |
|
Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.
|
|||||
| CVE-2022-0883 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.
|
|||||
| CVE-2022-0357 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.
This issue affects:
Bitdefender Total Security
versions prior to 26.0.10.45.
Bitdefender Internet Security
versions prior to 26.0.10.45.
Bitdefender Antivirus Plus
versions prior to 26.0.10.45.
|
|||||
| CVE-2022-0237 | 1 Rapid7 | 1 Insight Agent | 2024-11-21 | 7.2 HIGH | 4.0 MEDIUM |
|
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.
|
|||||
| CVE-2021-46368 | 1 Trigonesoft | 1 Remote System Monitor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.
|
|||||
| CVE-2021-45819 | 1 Wordline | 1 Hidccemonitorsvc | 2024-11-21 | 7.2 HIGH | 6.4 MEDIUM |
|
Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.
|
|||||
| CVE-2021-45460 | 1 Siemens | 2 Sicam Pq Analyzer, Sicam Pq Analyzer Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.
|
|||||
| CVE-2021-43463 | 1 Ext2 File System Driver Project | 1 Ext2 File System Driver | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path.
|
|||||
| CVE-2021-43460 | 1 Systemexplorer | 1 System Explorer | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.
|
|||||
| CVE-2021-43458 | 1 Vembu | 1 Bdr Suite | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.
|
|||||
| CVE-2021-43457 | 1 Bvpn | 1 Bvpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path.
|
|||||
| CVE-2021-43456 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.
|
|||||
| CVE-2021-43455 | 1 Freelan | 1 Freelan | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path.
|
|||||
| CVE-2021-43454 | 1 Anytxt | 1 Anytxt Searcher | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. .
|
|||||
| CVE-2021-42563 | 2 Microsoft, Ni | 2 Windows, Ni Service Locator | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
|
|||||
| CVE-2021-40683 | 2 Akamai, Microsoft | 2 Enterprise Application Access, Windows | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.
|
|||||
| CVE-2021-35469 | 1 Lexmark | 3 Printer Software G2, Printer Software G3, Printer Software G4 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.
|
|||||
| CVE-2021-35231 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".
|
|||||