Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

CVEs (426)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-35056 1Unisys 1Stealth Nov 21, 2024 Jul 15, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run.
CVE-2021-35469 1Lexmark 3Printer Software G2 Printer Software G3Printer Software G4 Nov 21, 2024 Jul 14, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.
CVE-2021-0112 1Intel 1Unite Nov 21, 2024 Jun 9, 2021 N/A· v4 7.3 HIGH· v3 4.4 MEDIUM· v2 Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVE-2020-22809 1Windscribe 1Windscribe Nov 21, 2024 May 10, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation.
CVE-2021-31776 1Aviatrix 1Vpn Client Nov 21, 2024 Apr 29, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories th...Show more Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.Show less
CVE-2021-31553 1Mediawiki 1Mediawiki Nov 21, 2024 Apr 22, 2021 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain...Show more An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.Show less
CVE-2021-27608 1Sap 1Setup Nov 21, 2024 Apr 14, 2021 N/A· v4 7.5 HIGH· v3 4.4 MEDIUM· v2 An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete comprom...Show more An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.Show less
CVE-2021-23879 1Mcafee 1Endpoint Product Removal Tool Nov 21, 2024 Mar 15, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder...Show more Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.Show less
CVE-2020-35152 1Cloudflare 1Warp Nov 21, 2024 Feb 3, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service...Show more Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.Show less
CVE-2021-21292 1Traccar 1Traccar Nov 21, 2024 Feb 2, 2021 N/A· v4 6.3 MEDIUM· v3 1.9 LOW· v2 Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on t...Show more Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12.Show less
CVE-2020-5147 1Sonicwall 1Netextender Nov 21, 2024 Jan 9, 2021 N/A· v4 5.3 MEDIUM· v3 4.6 MEDIUM· v2 SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtend...Show more SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.Show less
CVE-2020-27645 11e 1Client Nov 21, 2024 Dec 29, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain e...Show more The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.Show less
CVE-2020-27644 11e 1Client Nov 21, 2024 Dec 29, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain e...Show more The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.Show less
CVE-2020-28209 1Schneider Electric 1Enterprise Server Installer May 28, 2026 Nov 19, 2020 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user w...Show more A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location.Show less
CVE-2020-7331 1Mcafee 1Endpoint Security Nov 21, 2024 Nov 12, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executa...Show more Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.Show less
CVE-2020-15261 1Veyon 1Veyon Nov 21, 2024 Oct 19, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privile...Show more On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.Show less
CVE-2020-7316 1Mcafee 1File And Removable Media Protection Nov 21, 2024 Oct 7, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. Th...Show more Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered.Show less
CVE-2020-10051 1Siemens 1Simatic Rtls Locating Manager Nov 21, 2024 Sep 9, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This cou...Show more A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service.Show less
CVE-2020-7382 1Rapid7 1Nexpose Nov 21, 2024 Sep 3, 2020 N/A· v4 6.5 MEDIUM· v3 4.4 MEDIUM· v2 Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose...Show more Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40.Show less
CVE-2020-8326 1Lenovo 1Drivers Management Nov 21, 2024 Jul 24, 2020 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

Previous 1...171819...22 Next