Vulnerabilities > Untrusted Search Path
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-24 | CVE-2020-14350 | Untrusted Search Path vulnerability in multiple products It was found that some PostgreSQL extensions did not use search_path safely in their installation script. | 7.3 |
| 2020-07-24 | CVE-2020-10610 | Untrusted Search Path vulnerability in Osisoft products In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. | 7.8 |
| 2020-07-24 | CVE-2020-8317 | Untrusted Search Path vulnerability in Lenovo Drivers Management A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | 7.8 |
| 2020-07-20 | CVE-2020-15009 | Untrusted Search Path vulnerability in Asus Screenpad2 Upgrade Tool 1.0.3 AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | 7.8 |
| 2020-07-17 | CVE-2020-15801 | Untrusted Search Path vulnerability in multiple products In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. | 9.8 |
| 2020-07-17 | CVE-2020-9673 | Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018 Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. | 7.8 |
| 2020-07-17 | CVE-2020-9672 | Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018 Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. | 7.8 |
| 2020-07-15 | CVE-2020-15602 | Untrusted Search Path vulnerability in Trendmicro products An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. | 7.8 |
| 2020-07-14 | CVE-2020-1458 | Untrusted Search Path vulnerability in Microsoft 365 Apps A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. | 7.8 |
| 2020-06-30 | CVE-2019-19161 | Untrusted Search Path vulnerability in Cymiinstaller322 Activex Project Cymiinstaller322 Activex 2016.5.26.1 CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. | 7.2 |