Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2022-34396 Uncontrolled Search Path Element vulnerability in Dell Openmanage Server Administrator
Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability.
local
low complexity
dell CWE-427
7.8
2023-01-27 CVE-2022-47632 Uncontrolled Search Path Element vulnerability in Razer Synapse
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation.
low complexity
razer CWE-427
6.8
2023-01-26 CVE-2022-41141 Uncontrolled Search Path Element vulnerability in Windscribe 2.3.16
This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe.
local
low complexity
windscribe CWE-427
7.8
2023-01-20 CVE-2020-25502 Uncontrolled Search Path Element vulnerability in Cybereason Endpoint Detection and Response 20.2.0
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.
local
low complexity
cybereason CWE-427
7.8
2023-01-11 CVE-2023-22947 Uncontrolled Search Path Element vulnerability in Shibboleth Service Provider
Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder.
local
low complexity
shibboleth CWE-427
7.3
2023-01-06 CVE-2022-44939 Uncontrolled Search Path Element vulnerability in Echatserver Easy Chat Server 3.1
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll.
local
low complexity
echatserver CWE-427
7.8
2022-12-22 CVE-2022-22736 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries.
local
high complexity
mozilla CWE-427
7.0
2022-12-22 CVE-2022-36314 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows.
local
low complexity
mozilla CWE-427
5.5
2022-12-22 CVE-2021-36631 Uncontrolled Search Path Element vulnerability in Baidu Baidunetdisk 7.4.3
Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
baidu CWE-427
6.7
2022-12-21 CVE-2022-46330 Uncontrolled Search Path Element vulnerability in Squirrel.Windows Project Squirrel.Windows
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications.
local
low complexity
squirrel-windows-project CWE-427
7.8