Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2020-25182 Uncontrolled Search Path Element vulnerability in multiple products
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries.
6.7
2022-03-17 CVE-2022-25969 Uncontrolled Search Path Element vulnerability in Kingsoft WPS Office 10.8.0.6186
The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
local
low complexity
kingsoft CWE-427
7.8
2022-03-17 CVE-2022-26081 Uncontrolled Search Path Element vulnerability in Kingsoft WPS Office 10.8.0.5745
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
local
low complexity
kingsoft CWE-427
7.8
2022-03-17 CVE-2022-26511 Uncontrolled Search Path Element vulnerability in Kingsoft WPS Presentation 11.8.0.5745
WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading).
local
low complexity
kingsoft CWE-427
7.8
2022-03-11 CVE-2022-23401 Uncontrolled Search Path Element vulnerability in Yokogawa products
The following Yokogawa Electric products contain insecure DLL loading issues.
local
low complexity
yokogawa CWE-427
7.8
2022-03-08 CVE-2022-26319 Uncontrolled Search Path Element vulnerability in Trendmicro Portable Security 2.0/3.0
An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges.
local
low complexity
trendmicro CWE-427
6.5
2022-03-08 CVE-2022-26337 Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine.
local
low complexity
trendmicro CWE-427
7.8
2022-03-03 CVE-2022-22943 Uncontrolled Search Path Element vulnerability in VMWare Tools
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability.
local
low complexity
vmware CWE-427
6.7
2022-02-15 CVE-2021-43940 Uncontrolled Search Path Element vulnerability in Atlassian Confluence Data Center
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer.
local
low complexity
atlassian CWE-427
7.8
2022-02-14 CVE-2022-23410 Uncontrolled Search Path Element vulnerability in Axis IP Utility 4.17.0
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking.
local
low complexity
axis CWE-427
7.8