Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2020-08-19 CVE-2020-9724 Uncontrolled Search Path Element vulnerability in Adobe Lightroom 9.2.0.10
Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability.
local
low complexity
adobe CWE-427
7.8
2020-08-17 CVE-2020-3433 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack.
local
low complexity
cisco CWE-427
7.8
2020-08-14 CVE-2020-9767 Uncontrolled Search Path Element vulnerability in Zoom Sharing Service 5.0.4
A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL.
local
low complexity
zoom CWE-427
7.8
2020-08-13 CVE-2020-7360 Uncontrolled Search Path Element vulnerability in Philips Smartcontrol 4.3.15
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path.
local
low complexity
philips CWE-427
7.3
2020-08-13 CVE-2020-8687 Uncontrolled Search Path Element vulnerability in Intel Rste Software Raid
Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-427
7.8
2020-08-12 CVE-2020-15596 Uncontrolled Search Path Element vulnerability in HP products
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.
local
low complexity
hp CWE-427
6.7
2020-08-11 CVE-2020-13177 Uncontrolled Search Path Element vulnerability in Teradici Graphics Agent and Pcoip Standard Agent
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.
local
low complexity
teradici CWE-427
7.8
2020-08-10 CVE-2020-15657 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
Firefox could be made to load attacker-supplied DLL files from the installation directory.
local
low complexity
mozilla CWE-427
7.8
2020-07-29 CVE-2020-16143 Uncontrolled Search Path Element vulnerability in Seafile Seafile-Client 7.0.8
The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory.
local
low complexity
seafile CWE-427
7.8
2020-07-21 CVE-2020-15724 Uncontrolled Search Path Element vulnerability in 360Totalsecurity 360 Total Security
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability.
local
low complexity
360totalsecurity CWE-427
7.8