CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,172 vulnerabilities with CWE-427
CVE-2021-36770 HIGH
p5-encode 3.05-3.11 - Uncontrolled Search Path Element via Encode::ConfigLocal Library
CVSS 7.8
CVE-2021-38571 HIGH
Foxit Reader & PhantomPDF <10.1.4 - Code Injection
CVSS 7.8
CVE-2021-0160 HIGH
Intel NUC Pro Chassis Element AverMedia Capture Card < 3.0.64.143 Privilege Escalation via Uncontrolled Search Path
CVSS 7.8
CVE-2021-32580 HIGH
Acronis True Image - Uncontrolled Search Path Element
CVSS 7.8
CVE-2021-1593 HIGH
Cisco Packet Tracer - Authenticated DLL Injection via Configuration File Path Manipulation
CVSS 7.3
CVE-2021-1089 HIGH
NVIDIA GPU Display Driver 427.33-427.48 - Uncontrolled DLL Loading in nvidia-smi
CVSS 7.8
CVE-2021-3550 HIGH
Lenovo PCManager <3.0.500.5102 - Privilege Escalation
CVSS 7.8
CVE-2021-36753 HIGH
bat < 0.18.2 - Uncontrolled Search Path Element via less.exe Execution
CVSS 7.8
CVE-2021-3042 HIGH
Palo Alto Networks Cortex XDR <6.1-7.2 - Privilege Escalation
CVSS 7.8
CVE-2021-22000 HIGH
VMware ThinApp 5.2-5.2.9 - Uncontrolled Search Path Element
CVSS 7.8
CVE-2021-35957 MEDIUM
Stormshield Endpoint Security Evolution <2.0.3 - Privilege Escalation
CVSS 6.7
CVE-2021-36376 HIGH
dandavison delta <0.8.3 - Path Traversal
CVSS 7.8
CVE-2021-3613 HIGH
OpenVPN Connect 3.2.0-3.3.0 - Uncontrolled Search Path Element via OpenSSL Configuration File
CVSS 7.8
CVE-2021-3606 HIGH
OpenVPN < 2.5.3 - Uncontrolled Search Path Element via OpenSSL Configuration File
CVSS 7.8
CVE-2021-28570 HIGH
Adobe After Effects < 18.1 - Unauthenticated Uncontrolled Search Path Element
CVSS 8.3
CVE-2021-29949 HIGH
Thunderbird < 78.9.1 - Uncontrolled Search Path Element via OTR Library Loading
CVSS 7.8
CVE-2021-21999 HIGH
VMware Tools < 11.2.6, Remote Console < 12.0.1, App Volumes < 2.18.10 - Local Privilege Escalation
CVSS 7.8
CVE-2021-1567 HIGH
Cisco AnyConnect < 4.10.01075 Authenticated DLL Hijacking via Race Condition
CVSS 7.0
CVE-2021-34803 HIGH
TeamViewer < 9.0.259145 - Uncontrolled Search Path Element
CVSS 7.8
CVE-2021-31840 HIGH
McAfee Agent for Windows < 5.7.3 - Authenticated DLL Preloading Attack via Unsigned DLLs
CVSS 7.3
CVE-2021-23023 HIGH
BIG-IP Edge Client <7.2.1.3, 7.1.x <7.1.9.9 - DLL Hijacking
CVSS 7.8
CVE-2021-3041 HIGH
Palo Alto Networks Cortex XDR <5.0.11, <6.1.8 - Privilege Escalation
CVSS 7.8
CVE-2021-0108 HIGH
Intel Unite < 4.2.25031 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 7.3
CVE-2021-0104 HIGH
Intel Rapid Storage Technology < 17.9.1.1009.5 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 7.8
CVE-2021-0090 HIGH
Intel Driver & Support Assistant < 20.11.50.9 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 7.3