Vulnerabilities > Uncontrolled Search Path Element
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-24 | CVE-2019-7093 | Uncontrolled Search Path Element vulnerability in Adobe Creative Cloud Creative Cloud Desktop Application (installer) versions 4.7.0.400 and earlier have an insecure library loading (dll hijacking) vulnerability. | 7.8 |
2019-05-22 | CVE-2018-7840 | Uncontrolled Search Path Element vulnerability in Pelco Videoxpert Opscenter A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL. | 7.8 |
2019-05-17 | CVE-2019-11644 | Uncontrolled Search Path Element vulnerability in F-Secure products In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. | 7.8 |
2019-05-15 | CVE-2019-5526 | Uncontrolled Search Path Element vulnerability in VMWare Workstation VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. | 7.8 |
2019-05-10 | CVE-2019-5676 | Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience and GPU Display Driver NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution. | 6.7 |
2019-05-09 | CVE-2019-6564 | Uncontrolled Search Path Element vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. | 7.8 |
2019-05-09 | CVE-2019-6546 | Uncontrolled Search Path Element vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements. | 7.8 |
2019-04-18 | CVE-2019-1794 | Uncontrolled Search Path Element vulnerability in Cisco Meeting Server 2.2 A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. | 5.1 |
2019-04-11 | CVE-2019-6534 | Uncontrolled Search Path Element vulnerability in Gemalto Sentinel Ultrapro Client Library 1.3.0/1.3.1/1.3.2 The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file. | 7.8 |
2019-03-25 | CVE-2015-1014 | Uncontrolled Search Path Element vulnerability in Schneider-Electric OPC Factory Server 3.5 A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. | 7.3 |