CWE-426

Exploit likelihood: High

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426
CVE-2019-1010100 HIGH
Akeo Rufus < 3.0 - DLL Search Order Hijacking in Executable Installers
CVSS 7.8
CVE-2019-13637 HIGH
join.me < 3.16.0.5505 - Untrusted Search Path via Windows URI Handler
CVSS 8.8
CVE-2019-12912 MEDIUM
rdbrck shift < 3.4.3 - Email Information Disclosure
CVSS 5.5
CVE-2019-12576 HIGH
Private Internet Access VPN Client v82 - Authenticated Privilege Escalation via Untrusted Search Path
CVSS 7.8
CVE-2019-12574 HIGH
Private Internet Access VPN Client v1.0 - Authenticated DLL Injection via Updater Library Loading
CVSS 7.8
CVE-2019-10971 HIGH
Network Configurator for DeviceNet Safety < 3.41 - Untrusted Search Path DLL Execution
CVSS 7.8
CVE-2019-12569 HIGH
Viber < 10.7.0 - Untrusted Search Path via Application URI Handler
CVSS 7.8
CVE-2019-5589 HIGH
FortiClient < 6.0.6 - Unauthenticated Remote Code Execution via DLL Hijacking
CVSS 7.8
CVE-2019-5958 HIGH
Electronic Reception and Examination of Application for Radio Licenses Offline < 1.0.9.0 - Untrusted Search Path
CVSS 7.8
CVE-2019-5957 HIGH
Electronic Reception and Examination of Application for Radio Licenses Online < 1.0.9.0 - Untrusted Search Path
CVSS 7.8
CVE-2019-5429 HIGH
FileZilla < 3.41.0-rc1 - Privilege Escalation
CVSS 7.8
CVE-2019-9798 HIGH
Firefox < 66.0 - Untrusted Search Path via APITRACE_LIB
CVSS 7.4
CVE-2019-11351 HIGH
TeamSpeak < 3.2.5 - Remote Code Execution via Untrusted Search Path
CVSS 8.8
CVE-2019-8453 MEDIUM
Check Point ZoneAlarm < 15.4.062 - Denial of Service via DLL Replacement
CVSS 5.5
CVE-2019-6154 MEDIUM
Lenovo Bootable Generator < Mar-2019 - Untrusted Search Path
CVSS 5.3
CVE-2019-0809 HIGH
Visual Studio C++ Redistributable Installer - RCE
CVSS 7.8
CVE-2019-6724 HIGH
Barracuda VPN Client < 5.0.2.7 - Untrusted Search Path via barracudavpn Component
CVSS 7.8
CVE-2019-5922 HIGH
Microsoft Teams - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2019-5921 HIGH
Windows 7 - Untrusted Search Path Vulnerability via Trojan Horse DLL
CVSS 7.8
CVE-2019-5913 HIGH
LHMelting < 1.65.3.6 - Untrusted Search Path
CVSS 7.8
CVE-2019-5912 HIGH
unarj32.dll < 1.10.1.25 - Untrusted Search Path
CVSS 7.8
CVE-2019-5911 HIGH
UNLHA32.DLL < 2.67.1.2 - Untrusted Search Path
CVSS 7.8
CVE-2019-3587 HIGH
McAfee Total Protection < 16.0.18 - DLL Search Order Hijacking
CVSS 7.2
CVE-2018-21241 HIGH
Foxit PhantomPDF < 8.3.6 - Remote Code Execution via Untrusted Search Path
CVSS 7.8
CVE-2018-16156 HIGH
PaperStream IP (TWAIN) 1.42.0.5685 - Unauthenticated Local Privilege Escalation via Untrusted Search Path
CVSS 7.8