CWE-426

Exploit likelihood: High

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426
CVE-2018-0593 HIGH
Microsoft OneDrive - Untrusted Search Path
CVSS 7.8
CVE-2018-0592 HIGH
Microsoft OneDrive - Untrusted Search Path Vulnerability
CVSS 7.8
CVE-2018-0563 HIGH
FLET'S VIRUS CLEAR Easy Setup & Application Tool < 13.0 - Untrusted Search Path
CVSS 7.8
CVE-2018-1000201 HIGH
ruby-ffi < 1.9.23 - DLL Hijacking via Symbol DLL Name
CVSS 7.8
CVE-2018-6514 HIGH
Puppet Agent 1.10.0-1.10.12 - DLL Preloading Privilege Escalation via Facter
CVSS 7.8
CVE-2018-6513 HIGH
Puppet Agent 1.10.0-1.10.12 and Puppet Enterprise 2016.4.0-2016.4.11 - Untrusted Search Path
CVSS 8.8
CVE-2018-7884 HIGH
DisplayLink Core Software Cleaner Application 8.2.1956 - Untrusted Search Path via DLL Hijacking
CVSS 7.8
CVE-2018-11551 HIGH
AXON PBX 2.02 - Unauthenticated Remote Code Execution via DLL Hijacking
CVSS 7.8
CVE-2018-10650 HIGH
Citrix XenMobile Server <10.8 - Path Traversal
CVSS 7.8
CVE-2018-4927 HIGH
Adobe InDesign < 13.0 - Untrusted Search Path
CVSS 7.8
CVE-2018-10027 HIGH
ESTsoft ALZip <10.76 - Code Injection
CVSS 7.8
CVE-2018-0580 HIGH
CLIP STUDIO PAINT < 1.7.3, CLIP STUDIO ACTION < 1.5.5, CLIP STUDIO MODELER < 1.6.3 - Untrusted Search Path
CVSS 7.8
CVE-2018-6306 HIGH
Kaspersky Password Manager < 8.0.6.538 - Unauthenticated DLL Hijacking
CVSS 7.8
CVE-2018-0562 HIGH
SoundEngine Free < 5.21 - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2018-0561 HIGH
PhishWall Client Internet Explorer edition < 3.7.15 - Untrusted Search Path
CVSS 7.8
CVE-2018-6661 HIGH
McAfee True Key < 4.20 - DLL Side-Loading via Unverified DLL Signature
CVSS 7.8
CVE-2018-5470 HIGH
Philips IntelliSpace Portal - Privilege Escalation
CVSS 7.8
CVE-2018-0552 HIGH
PhishWall Client Firefox and Chrome edition < 5.1.26 - Untrusted Search Path
CVSS 7.8
CVE-2018-0540 HIGH
ViX 2.21.148.0 - Untrusted Search Path Privilege Escalation via Trojan Horse DLL
CVSS 7.8
CVE-2018-1437 HIGH
IBM Notes 8.5 and 9.0 - DLL Hijacking via Untrusted Search Path
CVSS 7.8
CVE-2018-1435 HIGH
IBM Notes 8.5 and 9.0 - DLL Hijacking via Untrusted Search Path
CVSS 7.8
CVE-2018-7239 HIGH
Schneider Electric SoMove and DTM Software < 2.6.2 - DLL Hijacking
CVSS 7.8
CVE-2018-0544 HIGH
WinShot < 1.53a - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2018-0543 HIGH
Jtrim < 1.53c - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2018-7484 HIGH
PureVPN through 5.19.4.0 - Untrusted Search Path via DLL Hijacking
CVSS 7.8