Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,172 vulnerabilities with CWE-427

CVE-2020-0515 HIGH

Intel Graphics Driver < 15.33.49.5100 - Authenticated Privilege Escalation via Uncontrolled Search Path

CVE-2020-5324 HIGH

Dell G3/G5/G7/Inspiron Firmware - Arbitrary File Overwrite via Symlink Attack

CVE-2020-8601 HIGH

Trend Micro Vulnerability Protection 2.0 - Code Injection

CVE-2020-3153 MEDIUM KEV

Cisco AnyConnect < - Path Traversal

CVE-2020-8959 HIGH

Westerndigital Sandiskssddashboardsetup.exe - Uncontrolled Search Path

CVE-2020-5821 HIGH

Symantec Endpoint Protection <14.2 RU2 MP1 - Code Injection

CVE-2020-8315 MEDIUM

Python <3.6.11, <3.7.7, <3.8.2 - Info Disclosure

CVE-2019-25268 CRITICAL

NREL BEopt 2.8.0.0 - Code Injection

CVE-2019-4588 HIGH

IBM Db2 9.7, 10.1, 10.5, 11.1, 11.5 - DLL Hijacking via Uncontrolled Search Path

CVE-2019-19115 HIGH

Nahimic APO Software Component Driver <1.6.2 - Privilege Escalation

CVE-2019-3881 HIGH

Bundler < 2.1.0 - Unauthenticated Arbitrary Code Execution via Predictable /tmp/ Path

CVE-2019-20419 HIGH

Atlassian Jira Server and Data Center < 8.5.5 and 8.6.0-8.7.2 - Remote Code Execution via Tomcat DLL Hijacking

CVE-2019-20856 CRITICAL

Mattermost Desktop App < 4.3.0 - Uncontrolled Search Path Element

CVE-2019-3613 MEDIUM

McAfee Agent 5.0.0-5.0.6 - DLL Search Order Hijacking via Compromised Folder Execution

CVE-2019-20781 HIGH

LG Bridge < 2019-04 - DLL Hijacking

CVE-2019-20780 CRITICAL

LG Android 7.0-8.1 - Uncontrolled Search Path Element

CVE-2019-20769 HIGH

LG PC Suite < 5.3.27 - DLL Hijacking via Current Working Directory

CVE-2019-14688 HIGH

Trend Micro Control Manager - Uncontrolled Search Path Element during Installation

CVE-2019-20406 HIGH

Confluence < 7.0.5 and 7.1.0 - DLL Hijacking via Global Path Environmental Variable

CVE-2019-20400 HIGH

Jira Server 8.3.2-8.5.1 - Local DLL Hijacking via Global Path Environment Variable

CVE-2019-20358 HIGH

Trend Micro Anti-Threat Toolkit < 1.62.0.1218 - Uncontrolled Search Path Element

CVE-2019-6858 HIGH

MSX Configurator <V1.0.8.1 - Privilege Escalation

CVE-2019-14600 MEDIUM

Intel(R) SNMP Subagent Stand-Alone - Privilege Escalation

CVE-2019-19954 HIGH

Signal Desktop < 1.29.1 - Uncontrolled Search Path Element via Trojan Horse wmic.exe

CVE-2019-5539 HIGH

VMware Workstation <15.5.1 & Horizon View Agent DLL Hijacking

Previous Page 41 of 47 Next

Details

Vulnerabilities 1,172

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy