CVE-2024-24722

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-428
View all →

Vulnerability Description

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.

Related Vulnerabilities

CVE-2016-5793

HIGH
CVSS:8.8(High)

Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

CWE-4282016

CVE-2020-27644

HIGH
CVSS:8.8(High)

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and l...

CWE-4282020

CVE-2020-27645

HIGH
CVSS:8.8(High)

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and l...

CWE-4282020

CVE-2020-5569

HIGH
CVSS:8.4(High)

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO ...

CWE-4282020

CVE-2019-17658

CRITICAL
CVSS:9.8(Critical)

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable...

CWE-4282019

CVE-2019-8459

CRITICAL
CVSS:9.8(Critical)

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable...

CWE-4282019