Vulnerabilities > Uncontrolled Search Path Element
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-21 | CVE-2019-9896 | Uncontrolled Search Path Element vulnerability in multiple products In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | 7.8 |
2019-03-21 | CVE-2019-4094 | Uncontrolled Search Path Element vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. | 7.8 |
2019-03-11 | CVE-2018-1890 | Uncontrolled Search Path Element vulnerability in IBM SDK 8.0 IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. | 7.8 |
2019-03-08 | CVE-2019-9634 | Uncontrolled Search Path Element vulnerability in Golang GO Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection. | 7.8 |
2019-03-01 | CVE-2019-9546 | Uncontrolled Search Path Element vulnerability in Solarwinds Orion Platform SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. | 9.8 |
2019-02-25 | CVE-2019-9116 | Uncontrolled Search Path Element vulnerability in Sublimetext Sublime Text 3 3.1.1 DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder. | 7.8 |
2019-02-09 | CVE-2019-7653 | Uncontrolled Search Path Element vulnerability in multiple products The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. | 9.8 |
2019-01-09 | CVE-2018-16177 | Uncontrolled Search Path Element vulnerability in Ntt-West Fall Creators Update Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2019-01-02 | CVE-2018-20211 | Uncontrolled Search Path Element vulnerability in Exiftool Project Exiftool 8.32 ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. | 7.8 |
2018-11-13 | CVE-2018-15452 | Uncontrolled Search Path Element vulnerability in Cisco Advanced Malware Protection for Endpoints A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. | 6.7 |