Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2019-05-24 CVE-2019-7093 Uncontrolled Search Path Element vulnerability in Adobe Creative Cloud
Creative Cloud Desktop Application (installer) versions 4.7.0.400 and earlier have an insecure library loading (dll hijacking) vulnerability.
local
low complexity
adobe CWE-427
7.8
2019-05-22 CVE-2018-7840 Uncontrolled Search Path Element vulnerability in Pelco Videoxpert Opscenter
A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL.
local
low complexity
pelco CWE-427
7.8
2019-05-17 CVE-2019-11644 Uncontrolled Search Path Element vulnerability in F-Secure products
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer.
local
low complexity
f-secure CWE-427
7.8
2019-05-15 CVE-2019-5526 Uncontrolled Search Path Element vulnerability in VMWare Workstation
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application.
local
low complexity
vmware CWE-427
7.8
2019-05-10 CVE-2019-5676 Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience and GPU Display Driver
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution.
local
low complexity
nvidia CWE-427
6.7
2019-05-09 CVE-2019-6564 Uncontrolled Search Path Element vulnerability in GE Communicator 3.15
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.
local
low complexity
ge CWE-427
7.8
2019-05-09 CVE-2019-6546 Uncontrolled Search Path Element vulnerability in GE Communicator 3.15
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.
local
low complexity
ge CWE-427
7.8
2019-04-18 CVE-2019-1794 Uncontrolled Search Path Element vulnerability in Cisco Meeting Server 2.2
A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing.
local
low complexity
cisco CWE-427
5.1
2019-04-11 CVE-2019-6534 Uncontrolled Search Path Element vulnerability in Gemalto Sentinel Ultrapro Client Library 1.3.0/1.3.1/1.3.2
The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file.
local
low complexity
gemalto CWE-427
7.8
2019-03-25 CVE-2015-1014 Uncontrolled Search Path Element vulnerability in Schneider-Electric OPC Factory Server 3.5
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA..
local
low complexity
schneider-electric CWE-427
7.3