Vulnerabilities > Uncontrolled Search Path Element
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-24 | CVE-2020-14349 | Uncontrolled Search Path Element vulnerability in multiple products It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. | 7.1 |
| 2020-08-17 | CVE-2020-3433 | Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. | 7.8 |
| 2020-08-14 | CVE-2020-9767 | Uncontrolled Search Path Element vulnerability in Zoom Sharing Service 5.0.4 A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. | 7.2 |
| 2020-08-13 | CVE-2020-7360 | Uncontrolled Search Path Element vulnerability in Philips Smartcontrol 4.3.15 An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. | 6.9 |
| 2020-08-13 | CVE-2020-8687 | Uncontrolled Search Path Element vulnerability in Intel Rste Software Raid Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
| 2020-08-11 | CVE-2020-13177 | Uncontrolled Search Path Element vulnerability in Teradici Graphics Agent and Pcoip Standard Agent The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path. | 4.4 |
| 2020-08-10 | CVE-2020-15657 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox Firefox could be made to load attacker-supplied DLL files from the installation directory. | 6.9 |
| 2020-07-29 | CVE-2020-16143 | Uncontrolled Search Path Element vulnerability in Seafile Seafile-Client 7.0.8 The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory. | 4.4 |
| 2020-07-09 | CVE-2020-12423 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. | 7.8 |
| 2020-07-03 | CVE-2019-20419 | Uncontrolled Search Path Element vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. | 4.4 |