Vulnerabilities > Uncontrolled Search Path Element
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-14 | CVE-2019-7960 | Uncontrolled Search Path Element vulnerability in Adobe Animate CC Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. | 4.4 |
2019-11-12 | CVE-2019-5695 | Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience and GPU Driver NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. | 6.9 |
2019-11-09 | CVE-2019-5701 | Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution. | 6.2 |
2019-11-09 | CVE-2019-5694 | Uncontrolled Search Path Element vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. | 4.4 |
2019-10-24 | CVE-2019-6692 | Uncontrolled Search Path Element vulnerability in Fortinet Forticlient A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. | 4.4 |
2019-10-21 | CVE-2019-9491 | Uncontrolled Search Path Element vulnerability in Trendmicro Anti-Threat Toolkit 1.62.0.1218 Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. | 7.8 |
2019-10-11 | CVE-2019-6333 | Uncontrolled Search Path Element vulnerability in HP Touchpoint Analytics A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. | 7.2 |
2019-09-24 | CVE-2019-3726 | Uncontrolled Search Path Element vulnerability in Dell Update Package Framework 19.1.0.413/3.8.3.67 An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. | 6.2 |
2019-09-12 | CVE-2019-11773 | Uncontrolled Search Path Element vulnerability in Eclipse OMR Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | 4.4 |
2019-08-26 | CVE-2019-4447 | Uncontrolled Search Path Element vulnerability in IBM DB2 High Performance Unload Load 6.1/6.1.0.1/6.1.0.2 IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. | 7.8 |