Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27905 | 1 Controlup | 1 Controlup | 2024-08-03 | 7.2 High |
| In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. | ||||
| CVE-2022-27050 | 2 Bitcomet, Microsoft | 2 Bitcomet, Windows | 2024-08-03 | 7.8 High |
| BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. | ||||
| CVE-2022-27088 | 1 Ivanti | 1 Dsm Remote | 2024-08-03 | 7.8 High |
| Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. | ||||
| CVE-2022-27052 | 1 Freesshd | 1 Freeftpd | 2024-08-03 | 7.8 High |
| FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | ||||
| CVE-2022-27094 | 1 Sony | 1 Playmemories Home | 2024-08-03 | 6.7 Medium |
| Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | ||||
| CVE-2022-27095 | 1 Battleye | 1 Battleye | 2024-08-03 | 7.8 High |
| BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. | ||||
| CVE-2022-27089 | 1 Fujitsu | 1 Plugfree Network | 2024-08-03 | 7.8 High |
| In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. | ||||
| CVE-2022-26634 | 1 Hma | 1 Hidemyass | 2024-08-03 | 7.8 High |
| HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | ||||
| CVE-2022-25031 | 1 Rdpsoft | 1 Remote Desktop Commander Suite Agent | 2024-08-03 | 7.8 High |
| Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. | ||||
| CVE-2022-23909 | 2 Gimmal, Microsoft | 2 Sherpa Connector Service, Windows | 2024-08-03 | 7.8 High |
| There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file. | ||||
| CVE-2022-4429 | 1 Avira | 1 Avira Security | 2024-08-03 | 5.3 Medium |
| Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78 | ||||
| CVE-2022-4258 | 2 Hima, Microsoft | 5 Hopcs, X-opc A\+e, X-opc Da and 2 more | 2024-08-03 | 7.8 High |
| In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system. | ||||
| CVE-2022-2147 | 1 Cloudflare | 1 Warp | 2024-08-03 | 6.5 Medium |
| Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0. | ||||
| CVE-2022-1697 | 1 Okta | 1 Active Directory Agent | 2024-08-03 | 3.9 Low |
| Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation. | ||||
| CVE-2022-0883 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2024-08-02 | 7.3 High |
| SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched. | ||||
| CVE-2022-0357 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2024-08-02 | 6.7 Medium |
| Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. | ||||
| CVE-2023-39464 | 2024-08-02 | N/A | ||
| Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538. | ||||
| CVE-2023-31747 | 1 Wondershare | 1 Filmora | 2024-08-02 | 7.8 High |
| Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. | ||||
| CVE-2023-29545 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-02 | 6.5 Medium |
| Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | ||||
| CVE-2023-29165 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2024-08-02 | 6.7 Medium |
| Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||