• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-428

CVE-2022-4429

February 23, 2023 by godfreyd94

Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78

CVE-2022-4258

February 23, 2023 by godfreyd94

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.

CVE-2022-39959

February 23, 2023 by godfreyd94

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%PaniniEverest EngineEverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%PaniniEverest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.

CVE-2022-37197

February 23, 2023 by godfreyd94

IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.

CVE-2022-36384

February 23, 2023 by godfreyd94

Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-36344

February 23, 2023 by godfreyd94

An unquoted search path vulnerability exists in ‘JustSystems JUST Online Update for J-License’ bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 13
  • Go to page 14
  • Go to page 15
  • Go to page 16
  • Go to page 17
  • Interim pages omitted …
  • Go to page 19
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE