CWE:
 

Tytuł
Data
Autor
Med.
Trend Maximum Security 2019 Unquoted Search Path
27.08.2019
Silton Santos
Med.
Progea Movicon 11.5.1181 Search Path Issues
01.11.2017
Karn Ganeshen
Med.
Samsung SW Update Service Unquoted Service Path Privilege Escalation
09.11.2016
CT-Zer0 Team
Med.
Comodo Chromodo Browser Privilege Escalation
07.10.2016
Yunus YILDIRIM
Med.
Comodo Dragon Browser Privilege Escalation
07.10.2016
Yunus YILDIRIM


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-01-11
Medium
CVE-2021-45460

Updating...
 

 
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.

 
2021-11-26
Low
CVE-2021-25269

Vendor: Sophos
Software: Exploit prev...
 

 
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.

 
2021-11-18
Medium
CVE-2021-23197

Vendor: Gallagher
Software: Command centre
 

 
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;

 
2021-11-17
Medium
CVE-2021-33095

Updating...
 

 
Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

 
2021-11-12
Medium
CVE-2021-42563

Updating...
 

 
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.

 
2021-10-25
Medium
CVE-2021-35231

Vendor: Solarwinds
Software: Kiwi syslog ...
 

 
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".

 
2021-10-04
Medium
CVE-2021-40683

Updating...
 

 
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.

 
2021-07-14
Medium
CVE-2021-35469

Vendor: Lexmark
Software: Printer soft...
 

 
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

 
2021-04-22
Medium
CVE-2021-31553

Vendor: Mediawiki
Software: Mediawiki
 

 
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.

 
2021-04-14
Medium
CVE-2021-27608

Vendor: SAP
Software: Setup
 

 
An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top