CWE-426: Untrusted Search Path
High likelihood
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
639 vulnerabilities with CWE-426
CVE-2024-42439
MEDIUM
Zoom Workplace Desktop App <6.1.0 - Privilege Escalation
CVSS 6.5
CVE-2024-41865
HIGH
Adobe Dimension < 3.4.11 - Untrusted Search Path
CVSS 7.8
CVE-2024-6975
HIGH
Cato Networks SDP Client < 5.10.34 - Local Privilege Escalation via OpenSSL Configuration File
CVSS 8.8
CVE-2024-6974
HIGH
Cato Networks SDP Client < 5.10.34 - Local Privilege Escalation via Self-Upgrade
CVSS 8.8
CVE-2024-34123
HIGH
Premiere Pro < 23.6.7 - Untrusted Search Path Arbitrary Code Execution
CVSS 7.0
CVE-2024-35260
HIGH
Microsoft Power Platform - Authenticated Remote Code Execution via Untrusted Search Path
CVSS 8.0
CVE-2024-36071
MEDIUM
Samsung Magician 8.0.0 - Privilege Escalation
CVSS 6.3
CVE-2024-6080
HIGH
Intelbras InControl <2.21.56 - Unquoted Search Path
CVSS 7.8
CVE-2024-38462
CRITICAL
iRODS < 4.3.2 - Untrusted Search Path via msiSendMail Function
CVSS 9.8
CVE-2024-30100
HIGH
Microsoft SharePoint Server - Remote Code Execution
CVSS 7.8
CVE-2024-28060
HIGH
Apiris Kafeo <6.4.4 - Code Injection
CVSS 7.3
CVE-2024-28133
HIGH
CHARX SEC-3000/3050/3100/3150 Firmware < 1.5.1 - Untrusted Search Path
CVSS 7.8
CVE-2024-32019
HIGH
netdata 1.44.0-60-1.45.0-169 and 1.45.0-1.45.3 - Local Privilege Escalation via PATH Environment Variable Manipulation
CVSS 8.8
CVE-2024-20693
HIGH
Windows Kernel - Privilege Escalation
CVSS 7.8
CVE-2024-20754
HIGH
Lightroom < 7.2 - Untrusted Search Path
CVSS 7.8
CVE-2024-26198
HIGH
Microsoft Exchange Server - Remote Code Execution via Untrusted Search Path
CVSS 8.8
CVE-2024-21435
HIGH
Windows 11 22H2 < 10.0.22621.3296 and 23H2 < 10.0.22631.3296 - Remote Code Execution via OLE
CVSS 8.8
CVE-2024-27303
HIGH
electron-builder <24.13.2 - Command Injection
CVSS 7.3
CVE-2024-25103
MEDIUM
AppSamvid Software <= 2.0.1 - DLL Hijacking via Untrusted Search Path
CVSS 6.3
CVE-2024-24697
HIGH
Zoom Meeting SDK < 5.17.0 - Authenticated Privilege Escalation via Untrusted Search Path
CVSS 7.2
CVE-2024-24810
HIGH
WiX toolset <4.0.4 - Privilege Escalation
CVSS 8.2
CVE-2024-23304
HIGH
Cybozu KUNAI for Android 3.0.20-3.0.21 - Unauthenticated Denial of Service
CVSS 7.5
CVE-2024-22410
LOW
Creditcoin - Untrusted Search Path via Windows DLL Loading
CVSS 3.3
CVE-2024-22190
HIGH
GitPython < 3.1.41 - Untrusted Search Path on Windows via Git or Bash Execution
CVSS 7.8
CVE-2024-21325
HIGH
Microsoft Printer Metadata Troubleshooter Tool < 1.0.0.1 - Remote Code Execution
CVSS 7.8
Details
Vulnerabilities: 639
Exploit Likelihood: High