Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

CVEs (426)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-16647 1Maxthon 1Maxthon Browser Nov 21, 2024 Oct 29, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
CVE-2019-6145 1Forcepoint 1Vpn Client Nov 21, 2024 Sep 20, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables...Show more Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us.Show less
CVE-2019-14685 1Trendmicro 4Antivirus + Security 2019 Internet Security 2019Maximum Security 2019+1 more Nov 21, 2024 Aug 21, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
CVE-2019-7590 1Johnsoncontrols 1Exacqvision Server Nov 21, 2024 Jul 19, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be execut...Show more ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.Show less
CVE-2019-8459 1Checkpoint 6Capsule Docs Standalone Client Endpoint Security ClientsEndpoint Security Server Package+3 more Nov 21, 2024 Jun 20, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar...Show more Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.Show less
CVE-2019-11093 1Intel 1Scs Discovery Utility Nov 21, 2024 May 17, 2019 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2018-20341 1Winmagic 1Securedoc Disk Encryption Nov 21, 2024 Apr 8, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enclosed in quote tags "...Show more WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enclosed in quote tags "" then the system will know where to find it. However if the path of where the application binary is located doesn't contain any quotes then Windows will try to find it and execute it inside every folder of this path until they reach the executable.Show less
CVE-2019-6149 1Lenovo 1Dynamic Power Reduction Nov 21, 2024 Mar 18, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-16098 1Lenovo 59Synaptics Thinkpad Ultranav Driver Thiankpad L430 FirmwareThiankpad L530 Firmware+56 more Nov 21, 2024 Jan 24, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
CVE-2017-3141 1Isc 1Bind Nov 21, 2024 Jan 16, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4...Show more The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.Show less
CVE-2018-16183 1Panasonic 2System Interface Device 0021 System Interface Device 0040 Nov 21, 2024 Jan 9, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than...Show more An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.Show less
CVE-2018-14789 1Philips 2Intellispace Cardiovascular Xcelera Nov 21, 2024 Aug 22, 2018 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to e...Show more In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.Show less
CVE-2018-11063 1Dell 1Wyse Management Suite Nov 21, 2024 Aug 10, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes....Show more Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.Show less
CVE-2018-3688 1Intel 1Quartus Prime Programmer And Tools Nov 21, 2024 Jul 10, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
CVE-2018-3687 1Intel 1Quartus Ii Programmer And Tools Nov 21, 2024 Jul 10, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
CVE-2018-3684 1Intel 1Quartus Ii Nov 21, 2024 Jul 10, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
CVE-2018-3683 1Intel 1Quartus Prime Nov 21, 2024 Jul 10, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
CVE-2018-3668 1Intel 1Processor Diagnostic Tool Nov 21, 2024 Jul 10, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code.
CVE-2017-11672 1Opcfoundation 1Local Discovery Server Nov 21, 2024 Jun 13, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
CVE-2018-10619 1Rockwellautomation 2Factorytalk Linx Gateway Rslinx Classic Nov 21, 2024 Jun 7, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and...Show more An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.Show less

Previous 1...18 192021 22 Next