Vulnerabilities > Untrusted Search Path

DATE CVE VULNERABILITY TITLE RISK
2022-05-20 CVE-2022-28964 Untrusted Search Path vulnerability in Avast Premium Security 19.8.2393/20.8.2429
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.
local
avast CWE-426
5.4
2022-04-22 CVE-2022-29583 Untrusted Search Path vulnerability in Service Project Service
service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory.
local
low complexity
service-project CWE-426
4.6
2022-04-20 CVE-2022-24826 Untrusted Search Path vulnerability in GIT Large File Storage Project GIT Large File Storage
On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code.
4.4
2022-03-31 CVE-2022-25348 Untrusted Search Path vulnerability in Hibara Attachecase
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
local
hibara CWE-426
4.4
2022-03-31 CVE-2022-28128 Untrusted Search Path vulnerability in Hibara Attachecase
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
local
hibara CWE-426
4.4
2022-03-21 CVE-2022-26183 Untrusted Search Path vulnerability in Pnpm
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content.
network
low complexity
pnpm CWE-426
6.5
2022-03-21 CVE-2022-26184 Untrusted Search Path vulnerability in Python-Poetry Poetry
Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content.
network
low complexity
python-poetry CWE-426
7.5
2022-03-17 CVE-2022-26526 Untrusted Search Path vulnerability in multiple products
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable.
local
low complexity
anaconda conda CWE-426
4.6
2022-03-10 CVE-2022-26488 Untrusted Search Path vulnerability in Python
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured.
local
python CWE-426
4.4
2022-01-26 CVE-2021-45975 Untrusted Search Path vulnerability in Acer Care Center
In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack.
local
acer CWE-426
6.9