CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,171 vulnerabilities with CWE-427
CVE-2023-31210 HIGH
Checkmk <2.2.0p16 - Privilege Escalation
CVSS 8.8
CVE-2023-48677 HIGH
Acronis Cyber Protect Home Office < 40901 - Local Privilege Escalation via DLL Hijacking
CVSS 7.8
CVE-2023-41117 HIGH
EnterpriseDB Postgres Advanced Server Uncontrolled Search Path in SECURITY DEFINER Functions
CVSS 8.8
CVE-2023-48861 HIGH
TTplayer <7.0.2 - Privilege Escalation
CVSS 7.8
CVE-2023-41613 HIGH
EzViz Studio <2.2.0 - Code Injection
CVSS 7.8
CVE-2023-45252 HIGH
Huddly HuddlyCameraService < 8.0.7 - DLL Hijacking via Insecure Service Directory
CVSS 7.8
CVE-2023-47454 HIGH
NetEase CloudMusic 2.10.4 - Untrusted Search Path Privilege Escalation via urlmon.dll
CVSS 7.8
CVE-2023-47453 HIGH
Sohu Video Player 7.0.15.0 - Uncontrolled Search Path Element via version.dll
CVSS 7.8
CVE-2023-47452 HIGH
Notepad++ 6.5 - Untrusted Search Path Element via msimg32.dll
CVSS 7.8
CVE-2023-6401 MEDIUM
NotePad++ <8.1 - Uncontrolled Search Path
CVSS 5.3
CVE-2023-4770 MEDIUM
4D and 4D Server 19 R8 100218 - Uncontrolled Search Path Element via DLL Hijacking
CVSS 6.5
CVE-2023-4931 MEDIUM
Plesk Installer 3.27.0.0 - Uncontrolled Search Path Element via DLL Hijacking
CVSS 6.3
CVE-2023-41790 HIGH
Pandora FMS 700-773 - Uncontrolled Search Path Element
CVSS 7.6
CVE-2023-41787 MEDIUM
Pandora FMS 700-772 - Uncontrolled Search Path Element
CVSS 6.0
CVE-2023-29069 HIGH
Autodesk Desktop Connector <= 16.2.1.2016 - Privilege Escalation
CVSS 7.8
CVE-2023-46814 HIGH
VideoLAN VLC <3.0.19 - Privilege Escalation
CVSS 7.8
CVE-2023-6235 HIGH
Duet Display <2.5.9.1 - Code Injection
CVSS 7.8
CVE-2023-22818 HIGH
SanDisk Security Installer < 1.0.0.25 - DLL Search Order Hijack via Local Malicious DLL
CVSS 7.3
CVE-2023-34430 MEDIUM
Intel Battery Life Diagnostic Tool < 2.2.1 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 6.7
CVE-2023-34350 MEDIUM
Intel Extreme Tuning Utility < 7.12.0.15 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 6.7
CVE-2023-33874 MEDIUM
Intel(R) NUC 12 Pro Kits & Mini PCs <2.2.2.1 - Privilege Escalation
CVSS 6.7
CVE-2023-32660 MEDIUM
Intel Thunderbolt 3 Controller Firmware < 46 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 6.7
CVE-2023-29504 MEDIUM
Intel RealSense D400 Series Dynamic Calibration Tool < 2.13.1.0 - Privilege Escalation via Uncontrolled Search Path
CVSS 6.7
CVE-2023-29161 MEDIUM
Intel(R) OFU <14.1.31 - Privilege Escalation
CVSS 6.7
CVE-2023-28740 MEDIUM
Intel(R) QAT <2.0.4 - Privilege Escalation
CVSS 6.7
Details
Vulnerabilities 1,171
Links
MITRE CWE Entry Search this CWE With Exploits