Vulnerabilities > Uncontrolled Search Path Element
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-12 | CVE-2020-29654 | Uncontrolled Search Path Element vulnerability in Westerndigital Dashboard Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account. | 7.8 |
2020-12-04 | CVE-2020-28950 | Uncontrolled Search Path Element vulnerability in Kaspersky Anti-Ransomware Tool 4.0 The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process. | 7.8 |
2020-12-04 | CVE-2020-27348 | Uncontrolled Search Path Element vulnerability in Canonical Snapcraft and Ubuntu Linux In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. | 6.8 |
2020-12-03 | CVE-2020-6021 | Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. | 7.8 |
2020-11-27 | CVE-2020-25738 | Uncontrolled Search Path Element vulnerability in Cyberark Endpoint Privilege Manager 11.1.0.173 CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. | 5.5 |
2020-11-24 | CVE-2020-5674 | Uncontrolled Search Path Element vulnerability in Epson products Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2020-11-12 | CVE-2020-12329 | Uncontrolled Search Path Element vulnerability in Intel Vtune Profiler 2017/2018/2019 Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-11-12 | CVE-2020-12320 | Uncontrolled Search Path Element vulnerability in Intel SCS Add-On for Microsoft Sccm 2.1.10 Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-11-12 | CVE-2020-13771 | Uncontrolled Search Path Element vulnerability in Ivanti Endpoint Manager Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\SYSTEM) via DLL hijacking. | 7.8 |
2020-11-11 | CVE-2020-5992 | Uncontrolled Search Path Element vulnerability in Nvidia Geforce NOW NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges. | 7.8 |