Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1697 | 1 Okta | 1 Active Directory Agent | 2024-11-21 | N/A | 3.9 LOW |
| Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation. | |||||
| CVE-2022-0883 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
| SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched. | |||||
| CVE-2022-0357 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2024-11-21 | N/A | 6.7 MEDIUM |
| Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. | |||||
| CVE-2022-0237 | 1 Rapid7 | 1 Insight Agent | 2024-11-21 | 7.2 HIGH | 4.0 MEDIUM |
| Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80. | |||||
| CVE-2021-46368 | 1 Trigonesoft | 1 Remote System Monitor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges. | |||||
| CVE-2021-45819 | 1 Wordline | 1 Hidccemonitorsvc | 2024-11-21 | 7.2 HIGH | 6.4 MEDIUM |
| Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. | |||||
| CVE-2021-45460 | 1 Siemens | 2 Sicam Pq Analyzer, Sicam Pq Analyzer Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service. | |||||
| CVE-2021-43463 | 1 Ext2 File System Driver Project | 1 Ext2 File System Driver | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path. | |||||
| CVE-2021-43460 | 1 Systemexplorer | 1 System Explorer | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path. | |||||
| CVE-2021-43458 | 1 Vembu | 1 Bdr Suite | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths. | |||||
| CVE-2021-43457 | 1 Bvpn | 1 Bvpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path. | |||||
| CVE-2021-43456 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path. | |||||
| CVE-2021-43455 | 1 Freelan | 1 Freelan | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path. | |||||
| CVE-2021-43454 | 1 Anytxt | 1 Anytxt Searcher | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. . | |||||
| CVE-2021-42563 | 2 Microsoft, Ni | 2 Windows, Ni Service Locator | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | |||||
| CVE-2021-40683 | 2 Akamai, Microsoft | 2 Enterprise Application Access, Windows | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. | |||||
| CVE-2021-35469 | 1 Lexmark | 3 Printer Software G2, Printer Software G3, Printer Software G4 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path. | |||||
| CVE-2021-35231 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application". | |||||
| CVE-2021-35056 | 1 Unisys | 1 Stealth | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run. | |||||
| CVE-2021-33095 | 1 Intel | 3 Nuc M15 Laptop Kit Keyboard Led Service Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||