Total
136 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43455 | 1 Freelan | 1 Freelan | 2022-04-11 | 7.2 HIGH | 7.8 HIGH |
An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path. | |||||
CVE-2021-43460 | 1 Systemexplorer | 1 System Explorer | 2022-04-11 | 7.2 HIGH | 7.8 HIGH |
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path. | |||||
CVE-2021-43463 | 1 Ext2 File System Driver Project | 1 Ext2 File System Driver | 2022-04-11 | 7.2 HIGH | 7.8 HIGH |
An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path. | |||||
CVE-2022-27964 | 2 Microsoft, Netsarang | 2 Windows, Xmanager | 2022-04-08 | 6.9 MEDIUM | 6.5 MEDIUM |
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
CVE-2022-27052 | 1 Freesshd | 1 Freeftpd | 2022-04-08 | 7.2 HIGH | 7.8 HIGH |
FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | |||||
CVE-2022-27963 | 2 Microsoft, Netsarang | 2 Windows, Xftp | 2022-04-08 | 6.9 MEDIUM | 6.5 MEDIUM |
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
CVE-2022-27050 | 2 Bitcomet, Microsoft | 2 Bitcomet, Windows | 2022-04-08 | 7.2 HIGH | 7.8 HIGH |
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. | |||||
CVE-2022-27966 | 2 Microsoft, Netsarang | 2 Windows, Xshell | 2022-04-08 | 6.9 MEDIUM | 6.5 MEDIUM |
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
CVE-2022-27965 | 2 Microsoft, Netsarang | 2 Windows, Xlpd | 2022-04-08 | 6.9 MEDIUM | 6.5 MEDIUM |
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
CVE-2022-0237 | 1 Rapid7 | 1 Insight Agent | 2022-03-24 | 7.2 HIGH | 7.8 HIGH |
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80. | |||||
CVE-2022-25031 | 1 Rdpsoft | 1 Remote Desktop Commander Suite Agent | 2022-03-09 | 6.9 MEDIUM | 7.8 HIGH |
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
CVE-2021-45819 | 1 Wordline | 1 Hidccemonitorsvc | 2022-03-09 | 7.2 HIGH | 7.8 HIGH |
Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
CVE-2021-46368 | 1 Trigonesoft | 1 Remote System Monitor | 2022-02-24 | 4.6 MEDIUM | 7.8 HIGH |
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges. | |||||
CVE-2021-29218 | 2 Hpe, Microsoft | 14 Agentless Management, Apollo 20, Apollo 2000 Gen 10 Plus and 11 more | 2022-02-09 | 4.6 MEDIUM | 6.7 MEDIUM |
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. | |||||
CVE-2020-28209 | 2 Microsoft, Schneider-electric | 2 Windows, Enterprise Server Installer | 2022-01-31 | 4.4 MEDIUM | 7.0 HIGH |
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location. | |||||
CVE-2021-45460 | 1 Siemens | 2 Sicam Pq Analyzer, Sicam Pq Analyzer Firmware | 2022-01-18 | 5.5 MEDIUM | 8.1 HIGH |
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service. | |||||
CVE-2019-18915 | 1 Hp | 1 System Event Utility | 2022-01-01 | 7.2 HIGH | 7.8 HIGH |
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service. | |||||
CVE-2021-25269 | 1 Sophos | 3 Exploit Prevention, Intercept X Endpoint, Intercept X For Server | 2021-12-03 | 2.1 LOW | 4.4 MEDIUM |
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. | |||||
CVE-2021-23197 | 1 Gallagher | 1 Command Centre | 2021-11-23 | 4.6 MEDIUM | 7.8 HIGH |
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; | |||||
CVE-2021-33095 | 1 Intel | 3 Nuc M15 Laptop Kit Keyboard Led Service Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2021-11-19 | 7.2 HIGH | 7.8 HIGH |
Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |