Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2020-10-10 CVE-2020-26947 Uncontrolled Search Path Element vulnerability in Getmonero Monero
monero-wallet-gui in Monero GUI before 0.17.1.0 includes the .
local
low complexity
getmonero CWE-427
7.8
2020-10-08 CVE-2019-19115 Uncontrolled Search Path Element vulnerability in Nahimic APO Software Component
An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges.
local
low complexity
nahimic CWE-427
7.8
2020-10-08 CVE-2020-26894 Uncontrolled Search Path Element vulnerability in Faulknermedia Wildlife Issues in the NEW Millennium 18.0.160
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application.
local
low complexity
faulknermedia CWE-427
7.8
2020-10-08 CVE-2020-3535 Uncontrolled Search Path Element vulnerability in Cisco Webex Teams
A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library.
local
low complexity
cisco CWE-427
8.4
2020-10-02 CVE-2020-24356 Uncontrolled Search Path Element vulnerability in Cloudflare Cloudflared
`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems.
local
low complexity
cloudflare CWE-427
7.8
2020-10-02 CVE-2020-26538 Uncontrolled Search Path Element vulnerability in Foxitsoftware Foxit Reader
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.
local
low complexity
foxitsoftware CWE-427
7.8
2020-10-01 CVE-2020-15663 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges.
network
low complexity
mozilla CWE-427
8.8
2020-09-18 CVE-2020-3979 Uncontrolled Search Path Element vulnerability in Installbuilder
InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users.
local
low complexity
installbuilder CWE-427
7.8
2020-09-18 CVE-2020-7358 Uncontrolled Search Path Element vulnerability in Rapid7 Appspider
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine.
local
low complexity
rapid7 CWE-427
6.5
2020-09-10 CVE-2020-7312 Uncontrolled Search Path Element vulnerability in Mcafee Agent 5.0.0
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
local
low complexity
mcafee CWE-427
7.8