Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2022-07-18 CVE-2021-42923 Uncontrolled Search Path Element vulnerability in Showmypc 3606
ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability.
local
low complexity
showmypc CWE-427
7.3
2022-07-14 CVE-2022-32222 Uncontrolled Search Path Element vulnerability in multiple products
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.
network
low complexity
nodejs siemens CWE-427
5.3
2022-07-14 CVE-2022-32223 Uncontrolled Search Path Element vulnerability in Nodejs Node.Js
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.
local
low complexity
nodejs CWE-427
7.3
2022-06-30 CVE-2017-20123 Uncontrolled Search Path Element vulnerability in Sparklabs Viscosity 1.6.7
A vulnerability was found in Viscosity 1.6.7.
local
low complexity
sparklabs CWE-427
7.8
2022-06-29 CVE-2022-33035 Uncontrolled Search Path Element vulnerability in Netsarang Xlpd 7.0.0094
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
local
low complexity
netsarang CWE-427
7.8
2022-06-29 CVE-2022-33036 Uncontrolled Search Path Element vulnerability in Embarcadero Dev-C++ 6.3
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file.
local
low complexity
embarcadero CWE-427
7.8
2022-06-29 CVE-2022-33037 Uncontrolled Search Path Element vulnerability in Orwell-Dev-Cpp Project Orwell-Dev-Cpp 5.11
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file.
local
low complexity
orwell-dev-cpp-project CWE-427
7.8
2022-06-20 CVE-2022-1824 Uncontrolled Search Path Element vulnerability in Mcafee Consumer Product Removal Tool
An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name.
local
low complexity
mcafee CWE-427
8.2
2022-06-16 CVE-2017-20051 Uncontrolled Search Path Element vulnerability in Jrsoftware Inno Setup
A vulnerability was found in InnoSetup Installer.
local
low complexity
jrsoftware CWE-427
7.8
2022-06-15 CVE-2022-22788 Uncontrolled Search Path Element vulnerability in Zoom Meetings and Rooms
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed.
local
low complexity
zoom CWE-427
7.8