Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1988 | 1 Paloaltonetworks | 1 Globalprotect | 2024-09-16 | 4.2 Medium |
| An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows; | ||||
| CVE-2017-3141 | 1 Isc | 1 Bind | 2024-09-16 | N/A |
| The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1. | ||||
| CVE-2018-14789 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2024-09-16 | 6.7 Medium |
| In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. | ||||
| CVE-2022-33920 | 1 Dell | 1 Geodrive | 2024-09-16 | 7.8 High |
| Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | ||||
| CVE-2018-16098 | 2 Lenovo, Microsoft | 120 Synaptics Thinkpad Ultranav Driver, Thiankpad L430, Thiankpad L430 Firmware and 117 more | 2024-09-16 | N/A |
| In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user. | ||||
| CVE-2018-10619 | 1 Rockwellautomation | 2 Factorytalk Linx Gateway, Rslinx Classic | 2024-09-16 | N/A |
| An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation. | ||||
| CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2024-09-13 | 7.8 High |
| An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | ||||
| CVE-2023-0392 | 1 Okta | 1 Ldap Agent | 2024-09-04 | 6.7 Medium |
| The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. | ||||
| CVE-2023-32658 | 1 Intel | 11 Hdmi Firmware, Nuc 7 Business Nuc7i3dnhnc, Nuc 7 Business Nuc7i3dnktc and 8 more | 2024-08-30 | 6.7 Medium |
| Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-25552 | 2024-08-26 | 7.8 High | ||
| A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product. | ||||
| CVE-2024-2747 | 1 Schneider-electric | 1 Easergy Studio | 2024-08-23 | 7.8 High |
| CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine. | ||||
| CVE-2024-31226 | 2024-08-15 | 4.9 Medium | ||
| Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories. | ||||
| CVE-2024-31201 | 2 Plug And Track, Proges | 2 Thermoscan Ip, Thermoscan Ip | 2024-08-12 | 6.5 Medium |
| A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine. | ||||
| CVE-2024-5963 | 1 Hitachi | 1 Device Manager | 2024-08-08 | 6.7 Medium |
| Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00. | ||||
| CVE-2012-0945 | 1 Whoopsie-daisy Project | 1 Whoopsie-daisy | 2024-08-06 | 4.9 Medium |
| whoopsie-daisy before 0.1.26: Root user can remove arbitrary files | ||||
| CVE-2013-2231 | 2 Microsoft, Redhat | 6 Windows, Enterprise Linux, Enterprise Linux Desktop Supplementary and 3 more | 2024-08-06 | N/A |
| Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder. | ||||
| CVE-2013-2151 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2024-08-06 | N/A |
| Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. | ||||
| CVE-2013-2152 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2024-08-06 | N/A |
| Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. | ||||
| CVE-2014-5455 | 2 Openvpn, Privatetunnel | 2 Openvpn, Privatetunnel | 2024-08-06 | N/A |
| Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder. | ||||
| CVE-2015-4173 | 1 Sonicwall | 1 Netextender | 2024-08-06 | N/A |
| Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | ||||