Vulnerabilities > Unquoted Search Path or Element

DATE CVE VULNERABILITY TITLE RISK
2021-04-29 CVE-2021-31776 Unquoted Search Path or Element vulnerability in Aviatrix VPN Client
Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
local
low complexity
aviatrix CWE-428
7.8
2021-04-22 CVE-2021-31553 Unquoted Search Path or Element vulnerability in Mediawiki
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2.
network
low complexity
mediawiki CWE-428
6.5
2021-04-14 CVE-2021-27608 Unquoted Search Path or Element vulnerability in SAP Setup 9.0
An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered.
local
high complexity
sap CWE-428
7.5
2021-03-15 CVE-2021-23879 Unquoted Search Path or Element vulnerability in Mcafee Endpoint Product Removal Tool
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder.
local
low complexity
mcafee CWE-428
6.7
2021-02-03 CVE-2020-35152 Unquoted Search Path or Element vulnerability in Cloudflare Warp 1.2.2544.0
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path.
local
low complexity
cloudflare CWE-428
7.8
2021-01-09 CVE-2020-5147 Unquoted Search Path or Element vulnerability in Sonicwall Netextender
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system.
local
low complexity
sonicwall CWE-428
5.3
2020-12-29 CVE-2020-27645 Unquoted Search Path or Element vulnerability in 1E Client 5.0.0.745
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe.
network
low complexity
1e CWE-428
8.8
2020-12-29 CVE-2020-27644 Unquoted Search Path or Element vulnerability in 1E Client 5.0.0.745
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe.
network
low complexity
1e CWE-428
8.8
2020-11-12 CVE-2020-7331 Unquoted Search Path or Element vulnerability in Mcafee Endpoint Security
Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
local
low complexity
mcafee CWE-428
7.8
2020-10-07 CVE-2020-7316 Unquoted Search Path or Element vulnerability in Mcafee File and Removable Media Protection
Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder.
local
low complexity
mcafee CWE-428
7.8