Vulnerabilities > Unquoted Search Path or Element

DATE CVE VULNERABILITY TITLE RISK
2020-12-29 CVE-2020-27645 Unquoted Search Path or Element vulnerability in 1E Client 5.0.0.745
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe.
network
low complexity
1e CWE-428
6.5
2020-12-29 CVE-2020-27644 Unquoted Search Path or Element vulnerability in 1E Client 5.0.0.745
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe.
network
low complexity
1e CWE-428
6.5
2020-11-19 CVE-2020-28209 Unquoted Search Path or Element vulnerability in Schneider-Electric Enterprise Server Installer 1.9/3.1
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service.
4.4
2020-11-12 CVE-2020-7331 Unquoted Search Path or Element vulnerability in Mcafee Endpoint Security
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
local
low complexity
mcafee CWE-428
4.6
2020-11-02 CVE-2020-27992 Unquoted Search Path or Element vulnerability in Wondershare Dr.Fone 3.0.0
Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.
local
low complexity
wondershare CWE-428
7.2
2020-10-19 CVE-2020-15261 Unquoted Search Path or Element vulnerability in Veyon
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges.
local
low complexity
veyon CWE-428
4.6
2020-10-07 CVE-2020-7316 Unquoted Search Path or Element vulnerability in Mcafee File and Removable Media Protection
Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder.
local
low complexity
mcafee CWE-428
4.6
2020-09-09 CVE-2020-10051 Unquoted Search Path or Element vulnerability in Siemens Simatic Rtls Locating Manager 2.10/2.9.3
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2).
local
low complexity
siemens CWE-428
7.2
2020-09-03 CVE-2020-7382 Unquoted Search Path or Element vulnerability in Rapid7 Nexpose
Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path.
local
rapid7 CWE-428
4.4
2020-07-29 CVE-2020-13699 Unquoted Search Path or Element vulnerability in Teamviewer
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers.
6.8