Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2020-03-25 CVE-2020-3803 Uncontrolled Search Path Element vulnerability in Adobe Acrobat DC
Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (dll hijacking) vulnerability.
local
low complexity
adobe CWE-427
7.8
2020-03-25 CVE-2020-10649 Uncontrolled Search Path Element vulnerability in Asus Device Activation
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
local
low complexity
asus CWE-427
7.8
2020-03-23 CVE-2020-7474 Uncontrolled Search Path Element vulnerability in Schneider-Electric Pmepxm0100 Prosoft Configurator 1.002
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL.
local
low complexity
schneider-electric CWE-427
7.8
2020-03-15 CVE-2020-9290 Uncontrolled Search Path Element vulnerability in Fortinet Forticlient
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
local
low complexity
fortinet CWE-427
7.8
2020-03-15 CVE-2020-9287 Uncontrolled Search Path Element vulnerability in Fortinet Forticlient Emergency Management Server 6.2.1
An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory.
local
low complexity
fortinet CWE-427
7.8
2020-03-12 CVE-2020-8469 Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation.
local
low complexity
trendmicro CWE-427
7.8
2020-03-12 CVE-2020-0565 Uncontrolled Search Path Element vulnerability in Intel Graphics Driver
Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-427
7.8
2020-03-12 CVE-2020-0515 Uncontrolled Search Path Element vulnerability in Intel Graphics Driver
Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access
local
low complexity
intel CWE-427
7.8
2020-02-20 CVE-2020-8601 Uncontrolled Search Path Element vulnerability in Trendmicro vulnerability Protection 2.0
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.
local
low complexity
trendmicro CWE-427
7.8
2020-02-20 CVE-2019-14688 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.
local
high complexity
trendmicro CWE-427
7.0