Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2019-07-18 CVE-2019-7956 Uncontrolled Search Path Element vulnerability in Adobe Dreamweaver
Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability.
local
low complexity
adobe CWE-427
7.8
2019-07-15 CVE-2019-6825 Uncontrolled Search Path Element vulnerability in Schneider-Electric Proclima 6.0.1/6.1
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.
local
low complexity
schneider-electric CWE-427
7.8
2019-07-13 CVE-2019-5629 Uncontrolled Search Path Element vulnerability in Rapid7 Insight Agent
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path.
local
low complexity
rapid7 CWE-427
7.8
2019-07-11 CVE-2019-12575 Uncontrolled Search Path Element vulnerability in Londontrustmedia Private Internet Access VPN Client 82
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges.
local
low complexity
londontrustmedia CWE-427
7.8
2019-07-04 CVE-2019-1855 Uncontrolled Search Path Element vulnerability in Cisco Jabber
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack.
local
low complexity
cisco CWE-427
7.3
2019-07-02 CVE-2019-5443 Uncontrolled Search Path Element vulnerability in multiple products
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation.
local
low complexity
haxx oracle netapp CWE-427
7.8
2019-06-25 CVE-2019-12280 Uncontrolled Search Path Element vulnerability in multiple products
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
local
low complexity
pc-doctor dell CWE-427
7.8
2019-06-21 CVE-2019-12572 Uncontrolled Search Path Element vulnerability in Londontrustmedia Private Internet Access 1.0.2
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges.
local
low complexity
londontrustmedia CWE-427
7.8
2019-06-13 CVE-2019-5245 Uncontrolled Search Path Element vulnerability in Huawei Hisuite
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability.
local
low complexity
huawei CWE-427
5.3
2019-06-03 CVE-2019-12177 Uncontrolled Search Path Element vulnerability in HTC Viveport
Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.
local
low complexity
htc CWE-427
7.8