Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2022-22139 Uncontrolled Search Path Element vulnerability in Intel Extreme Tuning Utility 6.4.1.21/6.5.1.360/6.5.3.25
Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-427
7.3
2022-05-11 CVE-2022-0025 Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 7.7.1
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges.
local
low complexity
paloaltonetworks CWE-427
6.7
2022-05-11 CVE-2021-34606 Uncontrolled Search Path Element vulnerability in Xinje Xd/E Series PLC Program Tool
A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL.
local
low complexity
xinje CWE-427
7.3
2022-05-06 CVE-2021-42743 Uncontrolled Search Path Element vulnerability in Splunk
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
local
low complexity
splunk CWE-427
7.8
2022-05-04 CVE-2021-20051 Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client 4.10.4.0314/4.10.6/4.10.7.1117
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components.
local
low complexity
sonicwall CWE-427
7.8
2022-05-03 CVE-2022-28792 Uncontrolled Search Path Element vulnerability in Samsung Gear Iconx PC Manager
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code.
local
low complexity
samsung CWE-427
7.8
2022-04-22 CVE-2022-0192 Uncontrolled Search Path Element vulnerability in Lenovo Pcmanager
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.
local
low complexity
lenovo CWE-427
7.8
2022-04-12 CVE-2022-24767 Uncontrolled Search Path Element vulnerability in multiple products
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
7.8
2022-04-12 CVE-2022-23449 Uncontrolled Search Path Element vulnerability in Siemens products
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1).
local
low complexity
siemens CWE-427
7.3
2022-04-11 CVE-2022-27842 Uncontrolled Search Path Element vulnerability in Samsung Smart Switch PC
DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.
local
low complexity
samsung CWE-427
7.8