Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2020-09-04 CVE-2019-3881 Uncontrolled Search Path Element vulnerability in Bundler
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available.
local
low complexity
bundler CWE-427
7.8
2020-09-03 CVE-2020-24162 Uncontrolled Search Path Element vulnerability in Tencent 5.8.2.5300
The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability.
local
low complexity
tencent CWE-427
7.8
2020-09-03 CVE-2020-24161 Uncontrolled Search Path Element vulnerability in 163 Netease Mail Master 4.14.1.1004
Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability.
local
low complexity
163 CWE-427
7.8
2020-09-03 CVE-2020-24160 Uncontrolled Search Path Element vulnerability in Tencent TIM 3.0.0.21315
Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.
local
low complexity
tencent CWE-427
7.8
2020-09-03 CVE-2020-24159 Uncontrolled Search Path Element vulnerability in 163 Netease Youdao Dictionary 8.9.2.0
NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions.
local
low complexity
163 CWE-427
7.8
2020-09-03 CVE-2020-24158 Uncontrolled Search Path Element vulnerability in 360 Speed Browser 12.0.1247.0
360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.
local
low complexity
360 CWE-427
7.8
2020-09-02 CVE-2020-25045 Uncontrolled Search Path Element vulnerability in Kaspersky Security Center and Security Center web Console
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.
local
low complexity
kaspersky CWE-427
7.8
2020-09-02 CVE-2020-15167 Uncontrolled Search Path Element vulnerability in Johnkerl Miller 5.9.0
In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory.
local
low complexity
johnkerl CWE-427
8.6
2020-08-31 CVE-2020-5419 Uncontrolled Search Path Element vulnerability in multiple products
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution.
local
low complexity
pivotal-software vmware CWE-427
6.7
2020-08-24 CVE-2020-14349 Uncontrolled Search Path Element vulnerability in multiple products
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication.
network
high complexity
postgresql opensuse CWE-427
7.1