Vulnerabilities > Untrusted Search Path

DATE CVE VULNERABILITY TITLE RISK
2019-08-19 CVE-2019-6165 Untrusted Search Path vulnerability in Lenovo Yoga 700-11Isk Firmware and Yoga 700-14Isk Firmware
A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation.
local
low complexity
lenovo CWE-426
7.8
2019-08-19 CVE-2019-5631 Untrusted Search Path vulnerability in Rapid7 Insightappsec
The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product.
local
low complexity
rapid7 CWE-426
7.8
2019-08-01 CVE-2016-10837 Untrusted Search Path vulnerability in Cpanel
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
network
high complexity
cpanel CWE-426
7.5
2019-07-26 CVE-2019-9492 Untrusted Search Path vulnerability in Trendmicro Officescan 11.0/Xg
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection.
local
low complexity
trendmicro CWE-426
7.8
2019-07-19 CVE-2019-1010100 Untrusted Search Path vulnerability in Akeo Rufus
Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking.
local
low complexity
akeo CWE-426
7.8
2019-07-17 CVE-2019-13637 Untrusted Search Path vulnerability in Logmeininc Join.Me
In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system.
network
low complexity
logmeininc CWE-426
8.8
2019-07-17 CVE-2019-12912 Untrusted Search Path vulnerability in Rdbrck Shift
Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.
local
low complexity
rdbrck CWE-426
5.5
2019-07-11 CVE-2019-12576 Untrusted Search Path vulnerability in Londontrustmedia Private Internet Access VPN Client 82
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges.
local
low complexity
londontrustmedia CWE-426
7.8
2019-07-11 CVE-2019-12574 Untrusted Search Path vulnerability in Londontrustmedia Private Internet Access VPN Client 1.0
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges.
local
low complexity
londontrustmedia CWE-426
7.8
2019-06-12 CVE-2019-10971 Untrusted Search Path vulnerability in Omron Network Configurator for Devicenet Safety 3.41
The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories.
local
low complexity
omron CWE-426
7.8