Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2022-06-13 CVE-2022-24077 Uncontrolled Search Path Element vulnerability in Naver Cloud Explorer
Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.
local
low complexity
naver CWE-427
7.8
2022-06-10 CVE-2022-29092 Uncontrolled Search Path Element vulnerability in Dell products
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability.
local
low complexity
dell CWE-427
7.8
2022-06-09 CVE-2017-20018 Uncontrolled Search Path Element vulnerability in Apachefriends Xampp 7.1.10Vc14
A vulnerability was found in XAMPP 7.1.1-0-VC14.
local
low complexity
apachefriends CWE-427
7.8
2022-06-07 CVE-2022-30744 Uncontrolled Search Path Element vulnerability in Samsung Kies
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code.
local
low complexity
samsung CWE-427
7.8
2022-05-27 CVE-2022-28394 Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
local
low complexity
trendmicro CWE-427
7.8
2022-05-27 CVE-2022-30701 Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 2019
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations.
local
low complexity
trendmicro CWE-427
7.8
2022-05-24 CVE-2022-23050 Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
network
low complexity
zohocorp CWE-427
7.2
2022-05-23 CVE-2022-31467 Uncontrolled Search Path Element vulnerability in Quickheal Total Security 10.1.0.316/11.00/12.00
A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load.
local
low complexity
quickheal CWE-427
7.3
2022-05-20 CVE-2022-28965 Uncontrolled Search Path Element vulnerability in Avast Premium Security 19.8.2393/20.8.2429
Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.
local
low complexity
avast CWE-427
6.5
2022-05-16 CVE-2022-30696 Uncontrolled Search Path Element vulnerability in Acronis Snap Deploy 6
Local privilege escalation due to a DLL hijacking vulnerability.
local
low complexity
acronis CWE-427
7.8