Vulnerabilities > Uncontrolled Search Path Element
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-06 | CVE-2019-20406 | Uncontrolled Search Path Element vulnerability in Atlassian Confluence The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability. | 7.8 |
| 2020-02-06 | CVE-2019-20400 | Uncontrolled Search Path Element vulnerability in Atlassian Jira Server The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability. | 7.8 |
| 2020-01-30 | CVE-2013-0725 | Uncontrolled Search Path Element vulnerability in Hexagongeospatial Erdas ER Viewer 13.0 ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities | 7.8 |
| 2020-01-28 | CVE-2020-8315 | Uncontrolled Search Path Element vulnerability in Python In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. | 5.5 |
| 2020-01-22 | CVE-2019-6858 | Uncontrolled Search Path Element vulnerability in Schneider-Electric MSX Configurator A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL. | 7.8 |
| 2020-01-17 | CVE-2019-14600 | Uncontrolled Search Path Element vulnerability in Intel Snmp Subagent Stand-Alone Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 |
| 2020-01-14 | CVE-2016-6592 | Uncontrolled Search Path Element vulnerability in Symantec Norton Download Manager A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. | 7.8 |
| 2020-01-09 | CVE-2016-5311 | Uncontrolled Search Path Element vulnerability in Symantec products A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | 7.8 |
| 2019-12-24 | CVE-2019-19954 | Uncontrolled Search Path Element vulnerability in Signal Signal-Desktop Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. | 7.3 |
| 2019-12-23 | CVE-2019-5539 | Uncontrolled Search Path Element vulnerability in VMWare Horizon View Agent and Workstation VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. | 7.8 |