Vulnerabilities > Uncontrolled Search Path Element
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-09 | CVE-2020-25238 | Uncontrolled Search Path Element vulnerability in Siemens products A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). | 7.8 |
| 2021-01-29 | CVE-2020-35145 | Uncontrolled Search Path Element vulnerability in Acronis True Image Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. | 7.8 |
| 2021-01-27 | CVE-2021-25247 | Uncontrolled Search Path Element vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063 A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. | 7.8 |
| 2021-01-26 | CVE-2021-3115 | Uncontrolled Search Path Element vulnerability in multiple products Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). | 7.5 |
| 2021-01-13 | CVE-2021-1240 | Uncontrolled Search Path Element vulnerability in Cisco Proximity A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. | 7.3 |
| 2021-01-13 | CVE-2021-1237 | Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. | 7.8 |
| 2021-01-13 | CVE-2021-20616 | Uncontrolled Search Path Element vulnerability in Skygroup Skysea Client View Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2021-01-12 | CVE-2020-26050 | Uncontrolled Search Path Element vulnerability in Safervpn 5.0.3.3/5.0.4.15 SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. | 7.8 |
| 2021-01-11 | CVE-2020-35483 | Uncontrolled Search Path Element vulnerability in Anydesk 5.4.2/6.0.8 AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file. | 7.8 |
| 2020-12-24 | CVE-2020-5681 | Uncontrolled Search Path Element vulnerability in Epson products Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |