| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation. |
| SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched. |
| Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80. |
| TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges. |
| Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. |
| A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service. |
| When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. |
| An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path. |
| An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path. |
| An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths. |
| An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path. |
| An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path. |
| An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path. |
| An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. . |
| There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. |
| In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. |
| The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path. |
| As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application". |
| Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run. |
| Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |
