Vulnerabilities > Uncontrolled Search Path Element
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-32168 | Uncontrolled Search Path Element vulnerability in Notepad-Plus-Plus Notepad++ Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. | 7.8 |
| 2022-08-05 | CVE-2022-36840 | Uncontrolled Search Path Element vulnerability in Samsung Update DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. | 7.8 |
| 2022-07-27 | CVE-2022-2313 | Uncontrolled Search Path Element vulnerability in Mcafee Agent A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed. | 7.3 |
| 2022-07-14 | CVE-2022-32222 | Uncontrolled Search Path Element vulnerability in multiple products A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | 5.3 |
| 2022-07-14 | CVE-2022-32223 | Uncontrolled Search Path Element vulnerability in Nodejs Node.Js Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability. | 7.3 |
| 2022-06-30 | CVE-2017-20123 | Uncontrolled Search Path Element vulnerability in Sparklabs Viscosity 1.6.7 A vulnerability was found in Viscosity 1.6.7. | 6.9 |
| 2022-06-29 | CVE-2022-33035 | Uncontrolled Search Path Element vulnerability in Netsarang Xlpd XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | 7.2 |
| 2022-06-29 | CVE-2022-33036 | Uncontrolled Search Path Element vulnerability in Embarcadero Dev-C++ 6.3 A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. | 4.4 |
| 2022-06-29 | CVE-2022-33037 | Uncontrolled Search Path Element vulnerability in Orwell-Dev-Cpp Project Orwell-Dev-Cpp A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. | 4.4 |
| 2022-06-20 | CVE-2022-1824 | Uncontrolled Search Path Element vulnerability in Mcafee Consumer Product Removal Tool An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. | 8.2 |