CWE-426: Untrusted Search Path
Exploit likelihood: High
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
639 vulnerabilities with CWE-426
CVE-2021-4435
HIGH
Yarn < 1.22.13 - Untrusted Search Path Execution via Directory Content
CVSS 7.7
CVE-2021-26738
HIGH
Zscaler Client Connector < 3.7 - Untrusted Search Path via PATH Variable
CVSS 7.8
CVE-2021-3305
HIGH
Feishu 3.40.3-3.41.3 - Untrusted Search Path
CVSS 7.8
CVE-2021-36666
HIGH
Druva inSync Client < 7.0.0 - Privilege Escalation via inSyncDecommission
CVSS 7.8
CVE-2021-45975
HIGH
Acer Care Center <4.00.3038 - DLL Hijacking
CVSS 7.8
CVE-2021-33063
HIGH
Intel(R) RealSense(TM) D400 Series UWP - Privilege Escalation
CVSS 7.8
CVE-2021-26557
HIGH
Octopus Tentacle 3.15.4-6.0.489 - Untrusted Search Path via Custom Folder Installation
CVSS 7.8
CVE-2021-26556
HIGH
Octopus Deploy 0.9-2020.4.229 and Octopus Server 2020.5.0-2020.5.256 - Untrusted Search Path via DLL Side-Loading
CVSS 7.8
CVE-2021-36297
HIGH
SupportAssist Client <3.8-3.9 - Code Injection
CVSS 7.8
CVE-2021-31841
HIGH
McAfee Agent < 5.7.4 - DLL Sideloading via Unsigned DLL
CVSS 8.2
CVE-2021-41387
HIGH
seatd 0.6.0-0.6.1 - Privilege Escalation via execlp Untrusted Search Path
CVSS 8.8
CVE-2021-37617
HIGH
Nextcloud Desktop 3.0.3-3.2.4 - Uncontrolled Search Path Element via Uninstall.exe
CVSS 7.3
CVE-2021-21562
MEDIUM
Dell EMC PowerScale OneFS - Untrusted Search Path
CVSS 4.4
CVE-2021-25699
HIGH
Teradici PCoIP Client < 21.07.0 - DLL Hijacking via OpenSSL Config Directory
CVSS 7.8
CVE-2021-25698
HIGH
Teradici PCoIP Standard Agent < 21.07.0 - Privilege Escalation via OpenSSL DLL Hijacking
CVSS 7.8
CVE-2021-26807
HIGH
GOG Galaxy 2.0.28.9 - Untrusted Search Path DLL Loading
CVSS 7.8
CVE-2021-29221
HIGH
Erlang/OTP < 23.2.3 - Local Privilege Escalation via Unsafe Filesystem Permissions
CVSS 7.0
CVE-2021-3146
HIGH
Dolby Audio X2 < 0.8.8.90 - Untrusted Search Path Privilege Escalation
CVSS 7.8
CVE-2021-28249
HIGH
CA eHealth Performance Manager <6.3.2.12 - Privilege Escalation
CVSS 8.8
CVE-2021-28246
HIGH
CA eHealth Performance Manager <6.3.2.12 - Privilege Escalation
CVSS 7.8
CVE-2021-21078
MEDIUM
Adobe Creative Cloud Desktop App <5.3 - RCE
CVSS 6.5
CVE-2021-22980
HIGH
Edge Client <7.2.1.1, 7.1.9.x-7.1.9.8, 7.1.x-7.1.8.5 - DLL Hijacking
CVSS 7.8
CVE-2021-21055
MEDIUM
Adobe Dreamweaver <21.0-20.2 - Info Disclosure
CVSS 6.2
CVE-2021-21237
HIGH
Git LFS <2.13.2 - Windows Code Execution via Current-Directory Git Binary
CVSS 7.2
CVE-2020-8094
HIGH
Bitdefender Antivirus Free 2020 - Code Injection
CVSS 7.8
Details
Vulnerabilities: 639
Exploit Likelihood: High