Total
521 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17099 | 1 Bitdefender | 1 Endpoint Security Tools | 2024-09-16 | 5.3 Medium |
| An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. | ||||
| CVE-2011-3691 | 1 Foxitsoftware | 1 Foxit Reader | 2024-09-16 | N/A |
| Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory. | ||||
| CVE-2020-8096 | 1 Bitdefender | 1 Antimalware Software Development Kit | 2024-09-16 | 6.3 Medium |
| Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . | ||||
| CVE-2010-5250 | 1 Pthread-win32 Project | 1 Pthreads-win32 | 2024-09-16 | N/A |
| Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2024-45281 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-09-16 | 5.8 Medium |
| SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application. | ||||
| CVE-2021-21055 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2024-09-16 | 6.2 Medium |
| Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure. | ||||
| CVE-2024-5622 | 2 B And R Industrial Automotion, Br-automation | 2 B And R Aprol, Industrial Automation Aprol | 2024-09-13 | 7.8 High |
| An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges. | ||||
| CVE-2024-5623 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-09-13 | 7.8 High |
| An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. | ||||
| CVE-2022-22047 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2024-09-10 | 7.8 High |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | ||||
| CVE-2024-32019 | 2024-09-06 | 8.8 High | ||
| Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-6473 | 1 Yandex | 1 Yandex Browser | 2024-09-05 | 7.8 High |
| Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used. | ||||
| CVE-2024-22190 | 1 Gitpython Project | 1 Gitpython | 2024-09-03 | 7.8 High |
| GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41. | ||||
| CVE-2023-39202 | 1 Zoom | 2 Rooms, Virtual Desktop Infrastructure | 2024-08-29 | 3.1 Low |
| Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. | ||||
| CVE-2024-42439 | 1 Zoom | 2 Meeting Software Development Kit, Workplace Desktop | 2024-08-29 | 6.5 Medium |
| Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access. | ||||
| CVE-2024-6975 | 1 Catonetworks | 2 Cato Client, Sdp Client | 2024-08-27 | 8.8 High |
| Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34. | ||||
| CVE-2024-6974 | 1 Catonetworks | 2 Cato Client, Sdp Client | 2024-08-27 | 8.8 High |
| Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34. | ||||
| CVE-2024-38462 | 1 Irods | 1 Irods | 2024-08-21 | 9.8 Critical |
| iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. | ||||
| CVE-2024-38305 | 1 Dell | 1 Supportassist For Home Pcs | 2024-08-21 | 7.3 High |
| Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges. | ||||
| CVE-2024-41865 | 1 Adobe | 1 Dimension | 2024-08-19 | 7.8 High |
| Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur if the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-27303 | 2024-08-13 | 7.3 High | ||
| electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer. | ||||