Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8225 | 1 Lenovo | 2 Edge Keyboard Driver, Slim Usb Keyboard Driver | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. | |||||
| CVE-2017-13993 | 1 I-sens | 1 Smartlog Diabetes Management Software | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient. | |||||
| CVE-2017-15383 | 1 Nero | 1 Nero | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory. | |||||
| CVE-2017-3757 | 1 Emc | 1 Elan Touchpad Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges. | |||||
| CVE-2017-9644 | 2 Automatedlogic, Carrier | 3 I-vu, Sitescan Web, Automatedlogic Webctrl | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. | |||||
| CVE-2017-12730 | 1 Myscada | 1 Mypro | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. | |||||
| CVE-2017-9247 | 1 Sierrawireless | 3 Sierra Wireless Em7345 Software, Sierra Wireless Em7455 Software, Sierra Wireless Location Sensor Driver | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. | |||||
| CVE-2017-5873 | 1 Unisys | 1 Secure Partitioning | 2025-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | |||||
| CVE-2017-7180 | 1 Eduiq | 1 Net Monitor For Employees | 2025-04-20 | 6.9 MEDIUM | 7.3 HIGH |
| Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application. | |||||
| CVE-2017-3005 | 2 Adobe, Microsoft | 2 Photoshop Cc, Windows | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability. | |||||
| CVE-2017-14019 | 1 Progea | 1 Movicon | 2025-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges. | |||||
| CVE-2017-3751 | 1 Lenovo | 1 Thinkpad Compact Usb Keyboard Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges. | |||||
| CVE-2022-46662 | 1 Corel | 1 Roxio Creator Ljb | 2025-04-16 | N/A | 6.7 MEDIUM |
| Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A) | |||||
| CVE-2019-19705 | 1 Lenovo | 272 Aio300-23isu, Aio300-23isu Firmware, Aio310-20iap and 269 more | 2025-04-14 | N/A | 7.8 HIGH |
| Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. | |||||
| CVE-2016-5793 | 1 Moxa | 1 Active Opc Server | 2025-04-12 | 7.2 HIGH | 8.8 HIGH |
| Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | |||||
| CVE-2016-6935 | 1 Adobe | 1 Creative Cloud | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.310 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | |||||
| CVE-2014-5455 | 2 Openvpn, Privatetunnel | 2 Openvpn, Privatetunnel | 2025-04-12 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder. | |||||
| CVE-2015-4173 | 1 Sonicwall | 1 Netextender | 2025-04-12 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | |||||
| CVE-2024-24722 | 1 12dsynergy | 2 12dsynergy, File Replication Server | 2025-04-02 | N/A | 9.1 CRITICAL |
| An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235. | |||||
| CVE-2022-44264 | 1 Dentsplysirona | 1 Sidexis | 2025-03-31 | N/A | 7.8 HIGH |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path. | |||||