Total
214 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-7043 | 1 Eset | 6 Endpoint Antivirus, Endpoint Security, Internet Security and 3 more | 2024-11-21 | 3.3 Low |
| Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions. | ||||
| CVE-2023-5012 | 1 Topazevolution | 1 Ofd | 2024-11-21 | 5.3 Medium |
| A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. Upgrading to version 2.12.0.259 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-239853 was assigned to this vulnerability. | ||||
| CVE-2023-4991 | 1 Quescom | 1 Nextbx Qwalerter | 2024-11-21 | 7.8 High |
| A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-42486 | 1 Fortect | 1 Fortect | 2024-11-21 | 6.3 Medium |
| Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges. | ||||
| CVE-2023-3438 | 1 Trellix | 1 Move | 2024-11-21 | 4.4 Medium |
| An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services. | ||||
| CVE-2023-38408 | 3 Fedoraproject, Openbsd, Redhat | 9 Fedora, Openssh, Devworkspace and 6 more | 2024-11-21 | 9.8 Critical |
| The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | ||||
| CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2024-11-21 | 7.8 High |
| An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | ||||
| CVE-2023-36658 | 1 Opswat | 2 Media Validation Agent, Metadefender Kiosk | 2024-11-21 | 7.8 High |
| An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. | ||||
| CVE-2023-32658 | 1 Intel | 11 Hdmi Firmware, Nuc 7 Business Nuc7i3dnhnc, Nuc 7 Business Nuc7i3dnktc and 8 more | 2024-11-21 | 6.7 Medium |
| Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-2685 | 1 Abb | 1 Ao-opc | 2024-11-21 | 7.2 High |
| A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 | ||||
| CVE-2023-2644 | 1 Digitalpersona Fpsensor Project | 1 Digitalpersona Fpsensor | 2024-11-21 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1. This issue affects some unknown processing of the file C:\Program Files (x86)\FPSensor\bin\DpHost.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-228773 was assigned to this vulnerability. | ||||
| CVE-2023-29165 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2024-11-21 | 6.7 Medium |
| Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-26911 | 1 Asus | 2 Armoury Crate, Setupasusservices | 2024-11-21 | 7.8 High |
| ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | ||||
| CVE-2023-25075 | 1 Intel | 1 Server Configuration Utility | 2024-11-21 | 6.7 Medium |
| Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-22841 | 2 Intel, System Firmware Update Utility For Some Intel Server Boards And Intel Server Systems Based On Intel 621a Chipset | 3 C621a, Server Firmware Update Utility, System Firmware Update Utility For Some Intel Server Boards And Intel Server Systems Based On Intel 621a Chipset | 2024-11-21 | 6.7 Medium |
| Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-0392 | 1 Okta | 1 Ldap Agent | 2024-11-21 | 6.7 Medium |
| The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. | ||||
| CVE-2022-39959 | 2 Microsoft, Panini | 2 Windows, Everest Engine | 2024-11-21 | 7.8 High |
| Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file. | ||||
| CVE-2022-36344 | 1 Justsystems | 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more | 2024-11-21 | 9.8 Critical |
| An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. | ||||
| CVE-2022-35899 | 2 Asus, Microsoft | 2 Aura Ready Game Software Development Kit, Windows | 2024-11-21 | 7.8 High |
| There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. | ||||
| CVE-2022-35292 | 1 Sap | 1 Business One | 2024-11-21 | 7.8 High |
| In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability. | ||||