CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

643 vulnerabilities with CWE-426
CVE-2016-7804 HIGH
7-Zip < 16.02 - Untrusted Search Path
CVSS 7.8
CVE-2016-4901 HIGH
National Tax Agency e-Tax Software - Untrusted Search Path
CVSS 7.8
CVE-2016-4900 HIGH
Evernote for Windows < 6.3 - Untrusted Search Path
CVSS 7.8
CVE-2016-4846 HIGH
PhishWall Client Internet Explorer < 3.7.8.1 - Untrusted Search Path
CVSS 7.8
CVE-2016-6167 HIGH
PuTTY beta 0.67 - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2016-1417 HIGH
Snort 2.9.7.0-WIN32 - Remote Code Execution via DLL Hijacking
CVSS 8.8
CVE-2016-1281 HIGH
TrueCrypt 7.1a-7.2 and VeraCrypt < 1.16 - Untrusted Search Path DLL Hijacking
CVSS 7.8
CVE-2016-10009 HIGH
OpenSSH < 7.3 - Remote Code Execution via Forwarded SSH-Agent PKCS#11 Module Loading
CVSS 7.3
CVE-2016-7085 HIGH
VMware Workstation Pro and Player 12.x - Untrusted Search Path
CVSS 7.8
CVE-2016-7300 HIGH
Microsoft Auto Updater for Mac - Untrusted Search Path Privilege Escalation
CVSS 7.8
CVE-2016-9274 HIGH
Git for Windows 1.0.0-1.9.3 - Untrusted Search Path via Trojan Horse git.exe
CVSS 7.8
CVE-2016-5330 HIGH
VMware Workstation Player 12.1.0-12.1.1 - Untrusted Search Path via HGFS Shared Folders
CVSS 7.8
CVE-2016-1014 HIGH
Adobe Flash Player < 18.0.0.343, 19.x-21.x < 21.0.0.213, < 11.2.202.616 - Untrusted Search Path
CVSS 7.3
CVE-2016-0018 HIGH
Microsoft Windows 7 SP1 to 10 (1511) Privilege Escalation via DLL Loading
CVSS 7.3
CVE-2016-0016 HIGH
Microsoft Windows - Untrusted Search Path DLL Loading Privilege Escalation
CVSS 7.8
CVE-2016-0014 HIGH
Microsoft Windows - Untrusted Search Path Elevation of Privilege via DLL Loading
CVSS 7.8
CVE-2015-3887 HIGH
ProxyChains-NG < 4.9 - Privilege Escalation
CVSS 7.8
CVE-2015-0974 HIGH
Mobilis Mobiconnect - Untrusted Search Path
CVSS 7.8
CVE-2015-8264 HIGH
F-Secure Online Scanner - Untrusted Search Path DLL Hijacking
CVSS 7.8
CVE-2015-6305
Cisco AnyConnect Secure Mobility Client 2.0-4.1 - Untrusted Search Path via vpndownloader.exe
CVE-2015-3987
McAfee ePO Deep Command 2.1-2.2 - Untrusted Search Path Privilege Escalation
CVE-2015-0096
Microsoft Windows Shell LNK Code Execution
CVE-2014-3860 HIGH
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 - DLL Hijacking
CVSS 7.8
CVE-2014-8358 HIGH
Huawei EC156, EC176, and EC177 Firmware - Untrusted Search Path via Mobile Partner Directory
CVSS 7.8
CVE-2014-0315
Microsoft Windows - Privilege Escalation