Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2021-01-11 CVE-2020-35483 Uncontrolled Search Path Element vulnerability in AnyDesk 5.4.2/6.0.8
AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file.
local
low complexity
anydesk CWE-427
7.8
2020-12-24 CVE-2020-5681 Uncontrolled Search Path Element vulnerability in Epson products
Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
epson CWE-427
7.8
2020-12-12 CVE-2020-29654 Uncontrolled Search Path Element vulnerability in Western Digital Dashboard
Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.
local
low complexity
westerndigital CWE-427
7.8
2020-12-11 CVE-2020-24447 Uncontrolled Search Path Element vulnerability in Adobe Lightroom 10.0/9.2.0.10/9.3
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user.
local
high complexity
adobe CWE-427
7.0
2020-12-11 CVE-2020-24440 Uncontrolled Search Path Element vulnerability in Adobe Prelude 9.0/9.0.1
Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user.
local
high complexity
adobe CWE-427
7.0
2020-12-09 CVE-2020-2049 Uncontrolled Search Path Element vulnerability in Palo Alto Networks Cortex XDR Agent
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges.
local
low complexity
paloaltonetworks CWE-427
7.8
2020-12-04 CVE-2020-28950 Uncontrolled Search Path Element vulnerability in Kaspersky Anti-Ransomware Tool 4.0
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during the installation process.
local
low complexity
kaspersky CWE-427
7.8
2020-12-04 CVE-2020-27348 Uncontrolled Search Path Element vulnerability in Canonical Snapcraft and Ubuntu Linux
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar.
local
low complexity
canonical CWE-427
6.8
2020-12-03 CVE-2020-6021 Uncontrolled Search Path Element vulnerability in Check Point Endpoint Security
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place.
local
low complexity
checkpoint CWE-427
7.8
2020-11-27 CVE-2020-25738 Uncontrolled Search Path Element vulnerability in CyberArk Endpoint Privilege Manager 11.1.0.173
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
local
low complexity
cyberark CWE-427
5.5