Total
196 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16098 | 2 Lenovo, Microsoft | 120 Synaptics Thinkpad Ultranav Driver, Thiankpad L430, Thiankpad L430 Firmware and 117 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user. | |||||
| CVE-2018-14789 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. | |||||
| CVE-2018-11063 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges. | |||||
| CVE-2018-10619 | 1 Rockwellautomation | 2 Factorytalk Linx Gateway, Rslinx Classic | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation. | |||||
| CVE-2017-3141 | 1 Isc | 1 Bind | 2024-11-21 | 7.2 HIGH | 7.2 HIGH |
| The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1. | |||||
| CVE-2017-14030 | 1 Moxa | 1 Mxview | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. | |||||
| CVE-2017-11672 | 1 Opcfoundation | 1 Local Discovery Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges. | |||||
| CVE-2017-1000475 | 1 Freesshd | 1 Freesshd | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges. | |||||
| CVE-2016-15003 | 2 Filezilla-project, Microsoft | 2 Filezilla Client, Windows | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2012-0945 | 1 Whoopsie-daisy Project | 1 Whoopsie-daisy | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
| whoopsie-daisy before 0.1.26: Root user can remove arbitrary files | |||||
| CVE-2024-9325 | 1 Intelbras | 1 Incontrol Web | 2024-11-04 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. | |||||
| CVE-2024-8996 | 2 Grafana, Microsoft | 2 Agent, Windows | 2024-10-01 | N/A | 7.8 HIGH |
| Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2 | |||||
| CVE-2022-27592 | 1 Qnap | 1 Qvr Smart Client | 2024-09-24 | N/A | 6.7 MEDIUM |
| An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later | |||||
| CVE-2024-43457 | 1 Microsoft | 1 Windows 11 24h2 | 2024-09-17 | N/A | 7.8 HIGH |
| Windows Setup and Deployment Elevation of Privilege Vulnerability | |||||
| CVE-2024-31201 | 1 Proges | 1 Thermoscan Ip | 2024-08-12 | N/A | 6.7 MEDIUM |
| A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine. | |||||
| CVE-2024-5963 | 2024-08-06 | N/A | 6.7 MEDIUM | ||
| Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00. | |||||