Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

CVEs (426)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-34848 1Intel 1Nuc Pro Software Suite Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-2417 1Ks Soft 1Advanced Host Monitor Nov 21, 2024 Apr 29, 2023 N/A· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active...Show more A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability.Show less
CVE-2023-2331 142gears 1Surelock Nov 21, 2024 Apr 27, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windo...Show more Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0. Show less
CVE-2023-22282 1Elecom 1Wab Mat Feb 11, 2025 Apr 11, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the exec...Show more WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.Show less
CVE-2023-24671 1Vxsearch 1Vx Search Nov 21, 2024 Mar 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file.
CVE-2023-24575 1Dell 1Multifunction Printer E525w Driver And Software Suite Nov 21, 2024 Feb 21, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected sys...Show more Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system Show less
CVE-2023-0887 1Tftpd64 Project 1Tftpd64 Nov 21, 2024 Feb 17, 2023 N/A· v4 7.8 HIGH· v3 6.0 MEDIUM· v2 A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to b...Show more A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351.Show less
CVE-2022-44264 1Dentsplysirona 1Sidexis Mar 31, 2025 Jan 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path.
CVE-2022-4258 1Hima 4Hopcs X Opc A+eX Opc Da+1 more Nov 21, 2024 Jan 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
CVE-2022-4429 1Avira 1Avira Security Nov 21, 2024 Jan 10, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78
CVE-2019-19705 1Lenovo 136Aio300 23isu Firmware Aio310 20iap FirmwareAio510 22ish Firmware+133 more Apr 14, 2025 Dec 26, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles...Show more Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.Show less
CVE-2022-46662 1Corel 1Roxio Creator Ljb Apr 16, 2025 Dec 21, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be...Show more Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)Show less
CVE-2022-37197 1Iobit 1Iotransfer Apr 29, 2025 Nov 18, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.
CVE-2022-36384 1Intel 1Nuc Kit Wireless Adapter Driver Installer Feb 4, 2025 Nov 11, 2022 N/A· v4 7.3 HIGH· v3 N/A· v2 Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via loca...Show more Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2022-33920 1Dell 1Geodrive Nov 21, 2024 Oct 12, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security...Show more Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.Show less
CVE-2022-39959 1Panini 1Everest Engine Nov 21, 2024 Oct 7, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path...Show more Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.Show less
CVE-2022-35292 1Sap 1Business One Nov 21, 2024 Sep 13, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTE...Show more In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.Show less
CVE-2022-1697 1Okta 1Active Directory Agent Nov 21, 2024 Sep 6, 2022 N/A· v4 3.9 LOW· v3 N/A· v2 Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reins...Show more Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.Show less
CVE-2022-36344 1Justsystems 60Atok Medical 2 Atok Medical 3Atok Pro 3+57 more Nov 21, 2024 Aug 16, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts...Show more An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.Show less
CVE-2022-35899 1Asus 1Aura Ready Game Software Development Kit Nov 21, 2024 Jul 21, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.

Previous 1...141516...22 Next