Vulnerabilities > Untrusted Search Path

DATE CVE VULNERABILITY TITLE RISK
2019-01-04 CVE-2018-1888 Untrusted Search Path vulnerability in IBM I Access 6.1/7.1
An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.
local
low complexity
ibm CWE-426
7.8
2018-12-20 CVE-2018-18629 Untrusted Search Path vulnerability in Keybase
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux.
local
low complexity
keybase CWE-426
7.8
2018-12-20 CVE-2018-7365 Untrusted Search Path vulnerability in ZTE Usmartview and Zxcloud Irai
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.
network
low complexity
zte CWE-426
7.2
2018-11-29 CVE-2018-12245 Untrusted Search Path vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker.
local
low complexity
symantec CWE-426
7.8
2018-11-23 CVE-2018-19486 Untrusted Search Path vulnerability in multiple products
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
network
low complexity
git-scm canonical CWE-426
critical
9.8
2018-11-19 CVE-2018-18519 Untrusted Search Path vulnerability in Bestxsoftware Best Free Keylogger 5.2.9
BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.
local
low complexity
bestxsoftware CWE-426
7.8
2018-11-15 CVE-2018-0692 Untrusted Search Path vulnerability in Baidu Spark Browser
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
baidu CWE-426
7.8
2018-11-09 CVE-2018-1802 Untrusted Search Path vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library.
local
low complexity
ibm CWE-426
7.8
2018-10-17 CVE-2018-15974 Untrusted Search Path vulnerability in Adobe Framemaker
Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability.
local
low complexity
adobe CWE-426
7.8
2018-10-15 CVE-2018-17980 Untrusted Search Path vulnerability in Nomachine
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed.
local
low complexity
nomachine CWE-426
7.8