Vulnerabilities > Uncontrolled Search Path Element
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-25 | CVE-2019-12280 | Uncontrolled Search Path Element vulnerability in multiple products PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. | 6.8 |
2019-06-21 | CVE-2019-12572 | Uncontrolled Search Path Element vulnerability in Londontrustmedia Private Internet Access 1.0.2 A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. | 7.2 |
2019-06-18 | CVE-2019-12133 | Uncontrolled Search Path Element vulnerability in Zohocorp products Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. | 7.2 |
2019-05-22 | CVE-2018-7840 | Uncontrolled Search Path Element vulnerability in Pelco Videoxpert Opscenter A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL. | 6.8 |
2019-05-17 | CVE-2019-11644 | Uncontrolled Search Path Element vulnerability in F-Secure products In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. | 6.8 |
2019-05-15 | CVE-2019-5526 | Uncontrolled Search Path Element vulnerability in VMWare Workstation VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. | 9.3 |
2019-05-10 | CVE-2019-5676 | Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience and GPU Display Driver NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution. | 7.2 |
2019-05-09 | CVE-2019-6564 | Uncontrolled Search Path Element vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. | 7.8 |
2019-05-09 | CVE-2019-6546 | Uncontrolled Search Path Element vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements. | 7.8 |
2019-04-18 | CVE-2019-1794 | Uncontrolled Search Path Element vulnerability in Cisco Meeting Server 2.2 A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. | 5.1 |