I observed that unquoted path vulnerability detection script namely “gb_unquoted_path_vulnerabilities_win.nasl” produces some false positives. Script looks for vulnerable services but if it founds any of them than it reports 56 different CVEs.
All the CVEs are related to Unquoted Path Vulnerability but not all of them may be related to service that the script finds. For example, CVE-2016-8769 relates to a Huawei service, and CVE-2015-4173 relates to Dell SonicWall NetExtender software which I’m sure that I don’t have any product in my system.
Maybe a detailed check for these CPEs of the reported CVEs must be written in the script.