National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): unquoted search path
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 63 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-6149

An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.

Published: March 17, 2019; 09:32:29 PM -04:00
V3: 6.7 MEDIUM
V2: 7.2 HIGH
CVE-2018-16098

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

Published: January 24, 2019; 05:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-16183

An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.

Published: January 09, 2019; 06:29:03 PM -05:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-14789

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.

Published: August 22, 2018; 02:29:00 PM -04:00
V3: 6.7 MEDIUM
V2: 4.6 MEDIUM
CVE-2018-10619

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.

Published: June 07, 2018; 04:29:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-4873

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.

Published: May 19, 2018; 01:29:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-2406

Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.

Published: April 10, 2018; 11:29:01 AM -04:00
V3: 5.3 MEDIUM
V2: 4.6 MEDIUM
CVE-2018-5470

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.

Published: March 26, 2018; 10:29:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-6321

Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.

Published: March 12, 2018; 05:29:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-6016

Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact.

Published: March 12, 2018; 05:29:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-6384

Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.

Published: January 31, 2018; 11:29:00 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2016-6803

An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.

Published: November 13, 2017; 09:29:00 AM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2017-14019

An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges.

Published: October 19, 2017; 07:29:00 PM -04:00
V3: 6.7 MEDIUM
V2: 4.6 MEDIUM
CVE-2017-12730

An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.

Published: October 06, 2017; 12:29:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-9644

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.

Published: August 25, 2017; 03:29:00 PM -04:00
V3: 7.0 HIGH
V2: 6.9 MEDIUM
CVE-2017-3005

Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.

Published: April 12, 2017; 10:59:01 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-5873

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

Published: April 11, 2017; 11:59:00 AM -04:00
V3: 6.7 MEDIUM
V2: 4.6 MEDIUM
CVE-2016-8769

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.

Published: April 02, 2017; 04:59:01 PM -04:00
V3: 6.7 MEDIUM
V2: 7.2 HIGH
CVE-2016-9356

An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue.

Published: February 13, 2017; 04:59:01 PM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2016-5852

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.

Published: November 08, 2016; 03:59:05 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH