CWE-426
Untrusted Search Path
Exploit likelihood: High
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
639 vulnerabilities with CWE-426
CVE-2020-3768
HIGH
ColdFusion <2016,2018 - Privilege Escalation
CVSS 7.8
CVE-2020-7279
MEDIUM
McAfee Host Intrusion Prevention < 8.0.0 Patch 15 Update - DLL Search Order Hijacking in Installer
CVSS 4.6
CVE-2020-13813
HIGH
Foxit Studio Photo < 3.6.6.922 - Untrusted Search Path via DLL in Current Working Directory
CVSS 7.8
CVE-2020-13812
HIGH
Foxit Studio Photo < 3.6.6.922 - Privilege Escalation via DLL Hijacking
CVSS 7.8
CVE-2020-4019
HIGH
Atlassian Companion < 1.0.0 - Untrusted Search Path via File Editing Functionality
CVSS 7.8
CVE-2020-7490
HIGH
Vijeo Designer Basic < 1.1 HotFix 15 and Vijeo Designer < 6.9 SP9 - Untrusted Search Path
CVSS 7.8
CVE-2020-8895
HIGH
Google Earth < 7.3.3 - Unauthenticated Remote Code Execution via Untrusted Search Path
CVSS 7.8
CVE-2020-7079
HIGH
Autodesk Dynamo BIM 2.5.0-2.5.1 - Untrusted Search Path Code Execution via Malicious DLL
CVSS 7.8
CVE-2020-0598
HIGH
Intel Binary Configuration Tool - Untrusted Search Path Privilege Escalation
CVSS 7.8
CVE-2020-8096
MEDIUM
Bitdefender Antimalware Software Development Kit < 3.0.1.204 - Untrusted Search Path
CVSS 6.3
CVE-2020-11507
HIGH
Malwarebytes AdwCleaner 8.0.3 - Untrusted Search Path
CVSS 7.8
CVE-2020-7260
HIGH
McAfee Application and Change Control < 8.3.0 - DLL Side Loading via Installer Execution from Compromised Folder
CVSS 7.3
CVE-2020-7476
HIGH
Schneider Electric ULTI ZigBee Installation Toolkit < 1.0.1 - Untrusted Search Path
CVSS 7.8
CVE-2020-9418
HIGH
PDFescape < 4.0.22 - Untrusted Search Path via DLL Hijacking
CVSS 7.8
CVE-2020-8793
MEDIUM
OpenSMTPD < 6.6.4 - Local Arbitrary File Read via Race Condition in makemap.c and smtpd.c
CVSS 4.7
CVE-2019-25257
MEDIUM
LogicalDOC Enterprise 7.7.4 - Command Injection
CVSS 6.5
CVE-2019-19161
HIGH
CyMiInstaller322 ActiveX < 2016.5.26.1 - Untrusted Search Path DLL Loading
CVSS 7.2
CVE-2019-6196
MEDIUM
Lenovo Installation Package < 1.2.9.3 - Symbolic Link Vulnerability
CVSS 6.7
CVE-2019-6173
MEDIUM
Lenovo Installation Package < 1.2.9.3 - DLL Search Path Privilege Escalation
CVSS 6.7
CVE-2019-20456
HIGH
Goverlan Reach Console <9.50/Server <3.50/Client Agent <9.20.50 - Local Privilege Escalation via DLL Hijacking
CVSS 7.8
CVE-2019-4732
MEDIUM
IBM SDK Java Technology Edition <8.0.6.0 - Local Authenticated RCE
CVSS 6.5
CVE-2019-20358
HIGH
Trend Micro Anti-Threat Toolkit < 1.62.0.1218 - Uncontrolled Search Path Element
CVSS 7.8
CVE-2019-17099
MEDIUM
Bitdefender Endpoint Security Tools < 6.6.11.163 - Untrusted Search Path in EPSecurityService.exe
CVSS 5.3
CVE-2019-17100
MEDIUM
Bitdefender Total Security 2020 < 24.0.12.69 - Untrusted Search Path in bdserviceshost.exe
CVSS 5.2
CVE-2019-6019
HIGH
STAMP Workbench - Untrusted Search Path Privilege Escalation via Trojan Horse DLL
CVSS 7.8
Details
Vulnerabilities: 639
Exploit Likelihood: High