Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2021-07-13 CVE-2021-35957 Uncontrolled Search Path Element vulnerability in Stormshield Endpoint Security 2.0.0/2.0.2
Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.
local
low complexity
stormshield CWE-427
6.7
2021-07-13 CVE-2021-36376 Uncontrolled Search Path Element vulnerability in Delta Project Delta
dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory.
local
low complexity
delta-project CWE-427
7.8
2021-07-02 CVE-2021-3606 Uncontrolled Search Path Element vulnerability in OpenVPN
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).
local
low complexity
openvpn CWE-427
7.8
2021-07-02 CVE-2021-3613 Uncontrolled Search Path Element vulnerability in OpenVPN Connect
OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).
local
low complexity
openvpn CWE-427
7.8
2021-06-24 CVE-2021-29949 Uncontrolled Search Path Element vulnerability in Mozilla Thunderbird
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird.
local
low complexity
mozilla CWE-427
7.8
2021-06-23 CVE-2021-21999 Uncontrolled Search Path Element vulnerability in VMware App Volumes, Remote Console and Tools
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1), VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability.
local
low complexity
vmware CWE-427
7.8
2021-06-16 CVE-2021-1567 Uncontrolled Search Path Element vulnerability in Cisco AnyConnect Secure Mobility Client
A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.
local
high complexity
cisco CWE-427
6.7
2021-06-16 CVE-2021-34803 Uncontrolled Search Path Element vulnerability in TeamViewer
TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.
local
low complexity
teamviewer CWE-427
7.8
2021-06-10 CVE-2021-31840 Uncontrolled Search Path Element vulnerability in McAfee Agent 5.0.0/5.6.6
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs.
local
low complexity
mcafee CWE-427
7.3
2021-06-10 CVE-2021-23023 Uncontrolled Search Path Element vulnerability in F5 BIG-IP Access Policy Manager
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer.
local
low complexity
f5 CWE-427
7.8