CWE:
 

Topic
Date
Author
Med.
Trend Maximum Security 2019 Unquoted Search Path
27.08.2019
Silton Santos
Med.
Progea Movicon 11.5.1181 Search Path Issues
01.11.2017
Karn Ganeshen
Med.
Samsung SW Update Service Unquoted Service Path Privilege Escalation
09.11.2016
CT-Zer0 Team
Med.
Comodo Chromodo Browser Privilege Escalation
07.10.2016
Yunus YILDIRIM
Med.
Comodo Dragon Browser Privilege Escalation
07.10.2016
Yunus YILDIRIM


CVEMAP Search Results

CVE
Details
Description
2022-07-12
Medium
CVE-2022-31591

Vendor: SAP
Software: Businessobje...
 

 
SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service

 
2022-06-23
Medium
CVE-2022-2147

Vendor: Cloudflare
Software: WARP
 

 
Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.

 
2022-06-14
Waiting for details
CVE-2022-31590

Updating...
 

 

 
2022-05-20
Medium
CVE-2022-29320

Vendor: Minitool
Software: Partition wizard
 

 
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.

 
Medium
CVE-2022-27095

Vendor: Battleye
Software: Battleye
 

 
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.

 
Medium
CVE-2022-27094

Vendor: SONY
Software: Playmemories...
 

 
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.

 
Medium
CVE-2022-27092

Vendor: Privateinternetaccess
Software: Private inte...
 

 
Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.

 
2022-04-11
Medium
CVE-2022-27088

Vendor: Ivanti
Software: Dsm remote
 

 
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.

 
Medium
CVE-2022-27089

Vendor: Fujitsu
Software: Plugfree network
 

 
In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.

 
2022-04-05
Medium
CVE-2022-23909

Updating...
 

 
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top