Vulnerabilities > Uncontrolled Search Path Element
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-11 | CVE-2019-6534 | Uncontrolled Search Path Element vulnerability in Gemalto Sentinel Ultrapro Client Library 1.3.0/1.3.1/1.3.2 The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file. | 7.8 |
2019-03-25 | CVE-2015-1014 | Uncontrolled Search Path Element vulnerability in Schneider-Electric OPC Factory Server 3.5 A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. | 4.4 |
2019-03-21 | CVE-2019-9896 | Uncontrolled Search Path Element vulnerability in multiple products In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | 4.6 |
2019-03-21 | CVE-2019-4094 | Uncontrolled Search Path Element vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. | 7.8 |
2019-03-11 | CVE-2018-1890 | Uncontrolled Search Path Element vulnerability in IBM SDK 8.0 IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. | 4.6 |
2019-03-08 | CVE-2019-9634 | Uncontrolled Search Path Element vulnerability in Golang GO Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection. | 6.8 |
2019-03-01 | CVE-2019-9546 | Uncontrolled Search Path Element vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. | 7.5 |
2019-02-25 | CVE-2019-9116 | Uncontrolled Search Path Element vulnerability in Sublimetext Sublime Text 3 3.1.1 DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder. | 7.8 |
2019-02-09 | CVE-2019-7653 | Uncontrolled Search Path Element vulnerability in multiple products The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. | 7.5 |
2019-01-09 | CVE-2018-16177 | Uncontrolled Search Path Element vulnerability in Ntt-West Fall Creators Update Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 4.4 |