CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,172 vulnerabilities with CWE-427
CVE-2021-0057 HIGH
Intel LAPBC510 and LAPBC710 Firmware < 1.1 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 7.8
CVE-2021-1536 MEDIUM
Cisco Webex Meetings Desktop App for Windows - Authenticated DLL Injection via Directory Path Handling
CVSS 4.8
CVE-2021-20726 HIGH
Overwolf <2.168.0.n - Privilege Escalation
CVSS 7.8
CVE-2021-20722 HIGH
ScanSnap Manager <V7.0L20 - Privilege Escalation
CVSS 7.8
CVE-2021-3423 HIGH
Bitdefender GravityZone Business Security < 6.6.23.329 - Uncontrolled Search Path Element in OpenSSL Component
CVSS 7.8
CVE-2021-25694 HIGH
Teradici PCoIP Graphics Agent < 21.03 - Uncontrolled Search Path Element via NVENC.dll
CVSS 7.8
CVE-2021-1496 HIGH
Cisco AnyConnect Secure Mobility Client for Windows - Privilege Esc...
CVSS 7.0
CVE-2021-1430 HIGH
Cisco AnyConnect Secure Mobility Client for Windows - Privilege Esc...
CVSS 7.0
CVE-2021-1429 HIGH
Cisco AnyConnect Secure Mobility Client for Windows - Privilege Esc...
CVSS 7.0
CVE-2021-1428 HIGH
Cisco AnyConnect Secure Mobility Client for Windows - Privilege Esc...
CVSS 7.0
CVE-2021-1427 HIGH
Cisco AnyConnect Secure Mobility Client for Windows - Privilege Esc...
CVSS 7.0
CVE-2021-1426 HIGH
Cisco AnyConnect Secure Mobility Client for Windows - Privilege Esc...
CVSS 7.0
CVE-2021-3464 HIGH
Lenovo PCManager < 3.0.400.3252 - DLL Search Path Privilege Escalation
CVSS 7.8
CVE-2021-21070 MEDIUM
Adobe Robohelp <2020.0.3 - Privilege Escalation
CVSS 6.5
CVE-2021-28098 HIGH
Forescout CounterACT <8.1.4 - Privilege Escalation
CVSS 7.8
CVE-2021-28647 HIGH
Trend Micro Password Manager 5.0-5.0.0.1217 - DLL Hijacking during Installation
CVSS 7.8
CVE-2021-21545 HIGH
Dell Peripheral Manager < 1.3.1 - Local Privilege Escalation via Uncontrolled Search Path Element
CVSS 7.8
CVE-2021-1386 HIGH
Cisco AMP for Endpoints <7.3.15, ClamAV <0.103.2, Immunet <7.4.0 - DLL Hijacking via Uncontrolled Search Path
CVSS 7.0
CVE-2021-22195 HIGH
GitLab VSCode Extension < 3.15.0 - Client-Side Code Execution via Uncontrolled Search Path Element
CVSS 8.6
CVE-2021-28822 HIGH
TIBCO Enterprise Message Service < 8.5.1 - Uncontrolled Search Path Element
CVSS 8.8
CVE-2021-28820 HIGH
TIBCO FTL < 6.6.0 - Uncontrolled Search Path Element
CVSS 8.8
CVE-2021-28955 CRITICAL
git-bug < 0.7.2 - Uncontrolled Search Path Element via git.bat Execution
CVSS 9.8
CVE-2021-28954 HIGH
bit < 1.0.5 - Remote Code Execution via Crafted Repository
CVSS 7.8
CVE-2021-28953 HIGH
C/C++ Advanced Lint < 1.9.0 - Arbitrary Binary Execution via Crafted Repository
CVSS 7.8
CVE-2021-22665 HIGH
Rockwell Automation DriveTools SP <5.13 - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities 1,172
Links
MITRE CWE Entry Search this CWE With Exploits