Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9325 | 1 Intelbras | 2 Incontrol, Incontrol Web | 2024-11-04 | 7.8 High |
| A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. | ||||
| CVE-2024-6080 | 1 Intelbras | 1 Incontrol | 2024-11-04 | 7.8 High |
| A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks. | ||||
| CVE-2024-9287 | 1 Python | 1 Cpython | 2024-11-04 | 6.3 Medium |
| A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | ||||
| CVE-2019-17658 | 1 Fortinet | 1 Forticlient | 2024-10-25 | 9.8 Critical |
| An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path. | ||||
| CVE-2020-9292 | 1 Fortinet | 1 Fortisiem Windows Agent | 2024-10-25 | 9.8 Critical |
| An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. | ||||
| CVE-2023-3438 | 1 Trellix | 1 Move | 2024-10-25 | 4.4 Medium |
| An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services. | ||||
| CVE-2023-26911 | 1 Asus | 2 Armoury Crate, Setupasusservices | 2024-10-23 | 7.8 High |
| ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | ||||
| CVE-2023-2685 | 1 Abb | 1 Ao-opc | 2024-10-21 | 7.2 High |
| A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 | ||||
| CVE-2023-7043 | 1 Eset | 6 Endpoint Antivirus, Endpoint Security, Internet Security and 3 more | 2024-10-17 | 3.3 Low |
| Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions. | ||||
| CVE-2023-38408 | 4 Devworkspace, Fedoraproject, Openbsd and 1 more | 9 1.0, Fedora, Openssh and 6 more | 2024-10-15 | 9.8 Critical |
| The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | ||||
| CVE-2024-34010 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2024-10-15 | N/A |
| Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690. | ||||
| CVE-2023-24542 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-10-10 | 6.7 Medium |
| Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-22841 | 2 Intel, System Firmware Update Utility For Some Intel Server Boards And Intel Server Systems Based On Intel 621a Chipset | 3 C621a, Server Firmware Update Utility, System Firmware Update Utility For Some Intel Server Boards And Intel Server Systems Based On Intel 621a Chipset | 2024-10-10 | 6.7 Medium |
| Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-43457 | 1 Microsoft | 2 Windows 11 24h2, Windows 11 24h2 | 2024-10-09 | 7.8 High |
| Windows Setup and Deployment Elevation of Privilege Vulnerability | ||||
| CVE-2024-8975 | 1 Grafana | 1 Alloy | 2024-10-01 | 7.3 High |
| Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1. | ||||
| CVE-2024-8996 | 2 Grafana, Microsoft | 3 Agent, Agent Flow Windows, Windows | 2024-10-01 | 7.3 High |
| Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2 | ||||
| CVE-2023-36658 | 1 Opswat | 2 Media Validation Agent, Metadefender Kiosk | 2024-09-25 | 7.8 High |
| An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. | ||||
| CVE-2023-4991 | 1 Quescom | 1 Nextbx Qwalerter | 2024-09-25 | 7.8 High |
| A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-27592 | 1 Qnap | 1 Qvr Smart Client | 2024-09-24 | 6.7 Medium |
| An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later | ||||
| CVE-2023-42486 | 1 Fortect | 1 Fortect | 2024-09-23 | 6.3 Medium |
| Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges. | ||||