Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27386 | 1 Intel | 1 Pathfinder For Risc-v | 2024-08-02 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-27298 | 1 Intel | 1 Wake Up Latency Tracer | 2024-08-02 | 8.8 High |
| Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2023-25075 | 1 Intel | 1 Server Configuration Utility | 2024-08-02 | 6.7 Medium |
| Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-24671 | 2 Microsoft, Vxsearch | 2 Windows, Vx Search | 2024-08-02 | 7.8 High |
| VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file. | ||||
| CVE-2023-24575 | 1 Dell | 1 Multifunction Printer E525w Driver And Software Suite | 2024-08-02 | 7.8 High |
| Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system | ||||
| CVE-2023-22282 | 2 Elecom, Microsoft | 2 Wab-mat, Windows | 2024-08-02 | 7.3 High |
| WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. | ||||
| CVE-2023-6631 | 1 Subnet | 1 Powersystem Center | 2024-08-02 | 7.8 High |
| PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | ||||
| CVE-2023-5012 | 1 Topazevolution | 1 Ofd | 2024-08-02 | 5.3 Medium |
| A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. Upgrading to version 2.12.0.259 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-239853 was assigned to this vulnerability. | ||||
| CVE-2023-3842 | 1 Pointware | 1 Easyinventory | 2024-08-02 | 7.8 High |
| A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical. This issue affects some unknown processing of the file C:\Program Files (x86)\EasyInventory\Easy2W.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-235193 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2644 | 1 Digitalpersona Fpsensor Project | 1 Digitalpersona Fpsensor | 2024-08-02 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1. This issue affects some unknown processing of the file C:\Program Files (x86)\FPSensor\bin\DpHost.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-228773 was assigned to this vulnerability. | ||||
| CVE-2023-2417 | 1 Ks-soft | 1 Advanced Host Monitor | 2024-08-02 | 5.3 Medium |
| A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-2331 | 1 42gears | 1 Surelock | 2024-08-02 | 7.8 High |
| Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0. | ||||
| CVE-2023-0887 | 1 Tftpd64 Project | 1 Tftpd64 | 2024-08-02 | 7 High |
| A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351. | ||||
| CVE-2024-31804 | 2024-08-02 | 0.0 Low | ||
| An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. | ||||
| CVE-2024-22437 | 2024-08-01 | 7.3 High | ||
| A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system. | ||||
| CVE-2024-5402 | 1 Abb | 1 Mint Workbench | 2024-08-01 | 7.8 High |
| Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 5868. | ||||
| CVE-2024-4461 | 2024-08-01 | 7.8 High | ||
| Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted service path, resulting in privilege escalation. | ||||
| CVE-2024-4031 | 2024-08-01 | 4.4 Medium | ||
| Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code. | ||||
| CVE-2024-3640 | 2024-08-01 | N/A | ||
| An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability. | ||||
| CVE-2024-1618 | 2024-08-01 | 7.8 High | ||
| A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory. Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running. | ||||