Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34848 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33920 | 1 Dell | 1 Geodrive | 2024-11-21 | N/A | 7.8 HIGH |
| Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | |||||
| CVE-2022-31591 | 1 Sap | 1 Businessobjects Bw Publisher Service | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service | |||||
| CVE-2022-31590 | 1 Sap | 1 Powerdesigner Proxy | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. | |||||
| CVE-2022-2147 | 1 Cloudflare | 1 Warp | 2024-11-21 | 4.6 MEDIUM | 6.5 MEDIUM |
| Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0. | |||||
| CVE-2022-29320 | 1 Minitool | 1 Partition Wizard | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-27966 | 2 Microsoft, Netsarang | 2 Windows, Xshell | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
| Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
| CVE-2022-27965 | 2 Microsoft, Netsarang | 2 Windows, Xlpd | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
| Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
| CVE-2022-27964 | 2 Microsoft, Netsarang | 2 Windows, Xmanager | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
| Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
| CVE-2022-27963 | 2 Microsoft, Netsarang | 2 Windows, Xftp | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
| Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | |||||
| CVE-2022-27905 | 1 Controlup | 1 Controlup | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. | |||||
| CVE-2022-27095 | 1 Battleye | 1 Battleye | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-27094 | 1 Sony | 1 Playmemories Home | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-27089 | 1 Fujitsu | 1 Plugfree Network | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. | |||||
| CVE-2022-27088 | 1 Ivanti | 1 Dsm Remote | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. | |||||
| CVE-2022-27052 | 1 Freesshd | 1 Freeftpd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | |||||
| CVE-2022-27050 | 2 Bitcomet, Microsoft | 2 Bitcomet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-26634 | 1 Hma | 1 Hidemyass | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-25031 | 1 Rdpsoft | 1 Remote Desktop Commander Suite Agent | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2022-23909 | 2 Gimmal, Microsoft | 2 Sherpa Connector Service, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file. | |||||