Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2024-09-17 CVE-2024-44168 Uncontrolled Search Path Element vulnerability in Apple Macos
A library injection issue was addressed with additional restrictions.
local
low complexity
apple CWE-427
5.5
2024-09-16 CVE-2024-34153 Uncontrolled Search Path Element vulnerability in Intel Raid web Console
Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-427
7.8
2024-09-16 CVE-2024-39613 Uncontrolled Search Path Element vulnerability in Mattermost Desktop
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
local
low complexity
mattermost CWE-427
7.8
2024-09-12 CVE-2024-20430 Uncontrolled Search Path Element vulnerability in Cisco Meraki Systems Manager
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.&nbsp; This vulnerability is due to incorrect handling of directory search paths at runtime.
local
low complexity
cisco CWE-427
7.3
2024-09-12 CVE-2024-6510 Uncontrolled Search Path Element vulnerability in AVG Internet Security
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
local
low complexity
avg CWE-427
7.8
2024-09-10 CVE-2024-44107 Uncontrolled Search Path Element vulnerability in Ivanti Workspace Control
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
local
low complexity
ivanti CWE-427
7.8
2024-09-10 CVE-2024-8441 Uncontrolled Search Path Element vulnerability in Ivanti Endpoint Manager
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
local
low complexity
ivanti CWE-427
6.7
2024-09-04 CVE-2024-7834 Uncontrolled Search Path Element vulnerability in Overwolf
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch.
local
low complexity
overwolf CWE-427
7.8
2024-08-29 CVE-2024-34017 Uncontrolled Search Path Element vulnerability in Acronis Snap Deploy 6
Local privilege escalation due to DLL hijacking vulnerability.
local
low complexity
acronis CWE-427
7.3
2024-08-29 CVE-2024-34019 Uncontrolled Search Path Element vulnerability in Acronis Snap Deploy 6
Local privilege escalation due to DLL hijacking vulnerability.
local
low complexity
acronis CWE-427
7.3