Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2020-05-16 CVE-2020-13110 Uncontrolled Search Path Element vulnerability in Kerberos Project Kerberos
The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.
local
low complexity
kerberos-project CWE-427
7.8
2020-05-14 CVE-2020-10616 Uncontrolled Search Path Element vulnerability in Opto22 Softpac Project 9.6
Opto 22 SoftPAC Project Version 9.6 and prior.
network
low complexity
opto22 CWE-427
8.8
2020-05-14 CVE-2020-10626 Uncontrolled Search Path Element vulnerability in multiple products
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.
local
low complexity
fazecast schneider-electric CWE-427
7.8
2020-05-12 CVE-2020-6244 Uncontrolled Search Path Element vulnerability in SAP Business Client 7.0
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element.
local
low complexity
sap CWE-427
7.8
2020-04-29 CVE-2019-20781 Uncontrolled Search Path Element vulnerability in LG Bridge
An issue was discovered in LG Bridge before April 2019 on Windows.
local
low complexity
lg CWE-427
7.8
2020-04-22 CVE-2020-5740 Uncontrolled Search Path Element vulnerability in Plex Media Server
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges.
local
low complexity
plex CWE-427
7.8
2020-04-17 CVE-2019-20780 Uncontrolled Search Path Element vulnerability in Google Android
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software.
network
low complexity
google CWE-427
critical
9.8
2020-04-17 CVE-2019-20769 Uncontrolled Search Path Element vulnerability in LG PC Suite 5.3.27
An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier).
local
low complexity
lg CWE-427
7.8
2020-04-02 CVE-2020-10515 Uncontrolled Search Path Element vulnerability in Starface Unified Communication & Collaboration Client
STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006.
network
low complexity
starface CWE-427
critical
9.8
2020-04-01 CVE-2020-8146 Uncontrolled Search Path Element vulnerability in UI Unifi Video
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities.
local
low complexity
ui CWE-427
7.8