Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2021-30360 Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security
Users have access to the directory where the installation repair occurs.
local
low complexity
checkpoint CWE-427
7.8
2021-12-14 CVE-2021-4007 Uncontrolled Search Path Element vulnerability in Rapid7 Insight Agent
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path.
local
low complexity
rapid7 CWE-427
7.8
2021-12-08 CVE-2021-20047 Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client
SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability.
local
low complexity
sonicwall CWE-427
7.8
2021-12-06 CVE-2021-43037 Uncontrolled Search Path Element vulnerability in Kaseya Unitrends Backup
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5.
local
low complexity
kaseya CWE-427
7.8
2021-12-01 CVE-2021-32592 Uncontrolled Search Path Element vulnerability in Fortinet products
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.
local
low complexity
fortinet CWE-427
7.8
2021-11-29 CVE-2021-44198 Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect 15
DLL hijacking could lead to local privilege escalation.
local
low complexity
acronis CWE-427
7.8
2021-11-29 CVE-2021-44199 Uncontrolled Search Path Element vulnerability in Acronis Agent, Cyber Protect and Cyber Protect Home Office
DLL hijacking could lead to denial of service.
local
low complexity
acronis CWE-427
5.5
2021-11-17 CVE-2021-0082 Uncontrolled Search Path Element vulnerability in Intel products
Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-427
7.8
2021-11-12 CVE-2021-3840 Uncontrolled Search Path Element vulnerability in Lenovo Antilles 1.0.0
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi).
network
low complexity
lenovo CWE-427
8.8
2021-11-10 CVE-2021-31853 Uncontrolled Search Path Element vulnerability in Mcafee Drive Encryption
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
local
low complexity
mcafee CWE-427
7.8