Vulnerabilities > Uncontrolled Search Path Element
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-23 | CVE-2021-28822 | Uncontrolled Search Path Element vulnerability in Tibco Enterprise Message Service 8.5.1 The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. | 7.8 |
| 2021-03-23 | CVE-2021-28820 | Uncontrolled Search Path Element vulnerability in Tibco FTL The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. | 7.8 |
| 2021-03-22 | CVE-2021-28955 | Uncontrolled Search Path Element vulnerability in Git-Bug Project Git-Bug git-bug before 0.7.2 has an Uncontrolled Search Path Element. | 7.5 |
| 2021-03-21 | CVE-2021-28953 | Uncontrolled Search Path Element vulnerability in C/C++ Advanced Lint Project C/C++ Advanced Lint The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository. | 7.8 |
| 2021-03-18 | CVE-2020-9367 | Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Desktop Central 10.0.486 The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. | 6.9 |
| 2021-03-18 | CVE-2021-22665 | Uncontrolled Search Path Element vulnerability in Rockwellautomation Drivetools Add-On Profiles and Drivetools SP Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. | 7.2 |
| 2021-03-12 | CVE-2021-21518 | Uncontrolled Search Path Element vulnerability in Dell products Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. | 7.2 |
| 2021-03-12 | CVE-2021-20674 | Uncontrolled Search Path Element vulnerability in Ntt-Tx Magicconnect Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges and via a Trojan horse DLL in an unspecified directory and to execute arbitrary code with the privilege of the user invoking the installer when a terminal is connected remotely using Remote desktop. | 6.8 |
| 2021-02-26 | CVE-2020-28646 | Uncontrolled Search Path Element vulnerability in Owncloud Desktop Client ownCloud owncloud/client before 2.7 allows DLL Injection. | 4.4 |
| 2021-02-17 | CVE-2021-1366 | Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. | 7.8 |