Vulnerabilities > Untrusted Search Path

| Date | CVE | Vulnerability title | Description | Risk | Vendor / CWE |
|---|---|---|---|---|---|
| 2022-04-22 | CVE-2022-29583 | Untrusted Search Path vulnerability in Service Project Service | service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. | local, low complexity, 7.8 | service-project CWE-426 |
| 2022-04-20 | CVE-2022-24826 | Untrusted Search Path vulnerability in GIT Large File Storage Project GIT Large File Storage | On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. | 4.4 | |
| 2022-03-21 | CVE-2022-26183 | Untrusted Search Path vulnerability in Pnpm | PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. | network, low complexity, 8.8 | pnpm CWE-426 |
| 2022-03-21 | CVE-2022-26184 | Untrusted Search Path vulnerability in Python-Poetry Poetry | Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. | network, low complexity, critical, 9.8 | python-poetry CWE-426 |
| 2022-03-10 | CVE-2022-26488 | Untrusted Search Path vulnerability in multiple products | In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. | local, high complexity, 7.0 | python netapp CWE-426 |
| 2022-02-19 | CVE-2022-25366 | Untrusted Search Path vulnerability in Cryptomator | Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. | local, low complexity, 7.8 | cryptomator CWE-426 |
| 2022-01-26 | CVE-2021-45975 | Untrusted Search Path vulnerability in Acer Care Center | In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. | local, 6.9 | acer CWE-426 |
| 2022-01-12 | CVE-2022-0014 | Untrusted Search Path vulnerability in Paloaltonetworks Cortex XDR Agent | An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. | 6.9 | |
| 2021-11-17 | CVE-2021-33063 | Untrusted Search Path vulnerability in Intel Realsense D400 Series Universal Windows Platform Driver | Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP driver for Windows 10 before version 6.1.160.22 may allow an authenticated user to potentially enable escalation of privilege via local access. | local, 4.4 | intel CWE-426 |
| 2021-11-15 | CVE-2020-12892 | Untrusted Search Path vulnerability in AMD Radeon Software 20.11.2/20.7.1 | An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. | local, 4.4 | amd CWE-426 |