Vulnerabilities (CVE)

Filtered by CWE-428
Total 175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25075 1 Intel 1 Server Configuration Utility 2023-12-10 N/A 7.8 HIGH
Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-0392 1 Okta 1 Ldap Agent 2023-12-10 N/A 6.7 MEDIUM
The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution.
CVE-2023-32658 1 Intel 11 Hdmi Firmware, Nuc 7 Business Nuc7i3dnhnc, Nuc 7 Business Nuc7i3dnktc and 8 more 2023-12-10 N/A 7.3 HIGH
Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-26735 1 Zscaler 1 Client Connector 2023-12-10 N/A 7.8 HIGH
The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.
CVE-2023-42486 1 Fortect 1 Fortect 2023-12-10 N/A 7.8 HIGH
Fortect - CWE-428: Unquoted Search Path or Element, may be used by a local user to elevate privileges.
CVE-2023-36658 1 Opswat 2 Media Validation Agent, Metadefender Kiosk 2023-12-10 N/A 7.8 HIGH
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.
CVE-2023-2685 1 Abb 1 Ao-opc 2023-12-10 N/A 6.3 MEDIUM
A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. The vulnerability is unlikely to be exploited in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1
CVE-2023-37537 1 Hcltech 1 Appscan Presence 2023-12-10 N/A 7.8 HIGH
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.
CVE-2023-26911 1 Asus 2 Armoury Crate, Setupasusservices 2023-12-10 N/A 7.8 HIGH
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
CVE-2022-34848 1 Intel 1 Nuc Pro Software Suite 2023-12-10 N/A 7.8 HIGH
Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-31747 1 Wondershare 1 Filmora 2023-12-10 N/A 7.8 HIGH
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
CVE-2023-3438 1 Trellix 1 Move 2023-12-10 N/A 7.8 HIGH
An unquoted Windows search path vulnerability existed in the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.
CVE-2023-27298 1 Intel 1 Wake Up Latency Tracer 2023-12-10 N/A 8.8 HIGH
Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2023-2331 1 42gears 1 Surelock 2023-12-10 N/A 7.8 HIGH
Unquoted Service Path or Element vulnerability in the 42Gears Surelock Windows SureLock Service (NixService.Exe) Windows application allows arbitrary code to be inserted into the service. This issue affects Surelock Windows: from 2.3.12 through 2.40.0.
CVE-2022-38101 1 Intel 3 Iflashv, Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb 2023-12-10 N/A 7.8 HIGH
Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22282 2 Elecom, Microsoft 2 Wab-mat, Windows 2023-12-10 N/A 7.3 HIGH
WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.
CVE-2023-27386 1 Intel 1 Pathfinder For Risc-v 2023-12-10 N/A 7.3 HIGH
Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-0357 1 Bitdefender 3 Antivirus Plus, Internet Security, Total Security 2023-12-10 N/A 7.8 HIGH
Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45.
CVE-2022-43474 1 Intel 2 Dsp Builder, Quartus Prime 2023-12-10 N/A 7.8 HIGH
Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-41693 1 Intel 1 Quartus Prime 2023-12-10 N/A 7.8 HIGH
Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.