Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-426
Total 403 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0074 1 Litespeedtech 1 Openlitespeed 2022-12-09 N/A 8.8 HIGH
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.
CVE-2022-3734 1 Redis 1 Redis 2022-11-29 N/A 9.8 CRITICAL
** DISPUTED ** A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only.
CVE-2022-31253 1 Opensuse 1 Openldap2 2022-11-10 N/A 7.8 HIGH
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
CVE-2022-41796 1 Sony 1 Content Transfer 2022-10-24 N/A 7.8 HIGH
Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2019-5429 3 Debian, Fedoraproject, Filezilla-project 3 Debian Linux, Fedora, Filezilla Client 2022-10-11 6.8 MEDIUM 7.8 HIGH
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
CVE-2020-8895 1 Google 1 Earth 2022-10-06 4.4 MEDIUM 7.8 HIGH
Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.
CVE-2022-36403 1 Ricoh 1 Device Software Manager 2022-09-15 N/A 7.8 HIGH
Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2022-36070 2 Microsoft, Python-poetry 2 Windows, Poetry 2022-09-13 N/A 7.3 HIGH
Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the `PATH` environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented. Versions 1.1.9 and 1.2.0b1 contain patches for this issue.
CVE-2010-5250 1 Pthread-win32 Project 1 Pthreads-win32 2022-09-06 6.9 MEDIUM N/A
Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE: some of these details are obtained from third party information.
CVE-2022-26488 3 Microsoft, Netapp, Python 4 Windows, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more 2022-09-02 4.4 MEDIUM 7.0 HIGH
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.
CVE-2021-26556 1 Octopus 2 Octopus Deploy, Octopus Server 2022-07-27 4.4 MEDIUM 7.8 HIGH
When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
CVE-2022-31012 1 Gitforwindows 1 Git 2022-07-22 4.4 MEDIUM 7.3 HIGH
Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`.
CVE-2021-28249 1 Ca 1 Ehealth Performance Manager 2022-07-12 7.2 HIGH 8.8 HIGH
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2021-41387 1 Seatd Project 1 Seatd 2022-07-12 8.5 HIGH 8.8 HIGH
seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
CVE-2008-5983 3 Canonical, Fedoraproject, Python 3 Ubuntu Linux, Fedora, Python 2022-07-05 6.9 MEDIUM N/A
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
CVE-2020-15801 3 Microsoft, Netapp, Python 3 Windows, Max Data, Python 2022-06-27 7.5 HIGH 9.8 CRITICAL
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
CVE-2022-26526 2 Anaconda, Conda 2 Anaconda3, Miniconda3 2022-06-07 4.6 MEDIUM 7.8 HIGH
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.
CVE-2021-25698 1 Teradici 1 Pcoip Standard Agent 2022-06-06 4.4 MEDIUM 7.8 HIGH
The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory.
CVE-2020-7279 1 Mcafee 1 Host Intrusion Prevention 2022-06-02 4.4 MEDIUM 7.8 HIGH
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.
CVE-2020-7315 1 Mcafee 1 Mcafee Agent 2022-06-02 4.6 MEDIUM 6.7 MEDIUM
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.