Vulnerabilities > Uncontrolled Search Path Element
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-23 | CVE-2022-31467 | Uncontrolled Search Path Element vulnerability in Quickheal Total Security 10.1.0.316/11.00/12.00 A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. | 4.4 |
2022-05-20 | CVE-2022-28965 | Uncontrolled Search Path Element vulnerability in Avast Premium Security 19.8.2393/20.8.2429 Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. | 6.5 |
2022-05-16 | CVE-2022-30696 | Uncontrolled Search Path Element vulnerability in Acronis Snap Deploy 6 Local privilege escalation due to a DLL hijacking vulnerability. | 4.4 |
2022-05-12 | CVE-2022-22139 | Uncontrolled Search Path Element vulnerability in Intel Extreme Tuning Utility 6.4.1.21/6.5.1.360/6.5.3.25 Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.4 |
2022-05-11 | CVE-2022-28247 | Uncontrolled Search Path Element vulnerability in Adobe products Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. | 4.4 |
2022-05-11 | CVE-2022-0025 | Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. | 7.2 |
2022-05-11 | CVE-2021-34606 | Uncontrolled Search Path Element vulnerability in Xinje Xd/E Series PLC Program Tool A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. | 6.9 |
2022-05-06 | CVE-2021-42743 | Uncontrolled Search Path Element vulnerability in Splunk A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. | 4.6 |
2022-05-05 | CVE-2022-28714 | Uncontrolled Search Path Element vulnerability in F5 products On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. | 4.4 |
2022-05-04 | CVE-2021-20051 | Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client 4.10.4.0314/4.10.6 SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. | 6.9 |