251 matches found
PT-2022-4346 · Aveva · Aveva Edge
Name of the Vulnerable Software and Affected Versions: AVEVA Edge versions 2020 SP2 Patch 04201.2111.1802.0000 Description: The issue is related to an uncontrolled search path element in the AVEVA Edge SCADA system, which can be exploited to execute arbitrary code or elevate privileges. Remote...
CVE-2021-38410 AVEVA PCS Portal Uncontrolled Search Path Element
AVEVA Software Platform Common Services PCS Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path...
AutomationDirect C-More EA9 HMI
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-more EA9 HMI Vulnerabilities: Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these...
CVE-2022-28541
CVE-2022-28541 describes an Uncontrolled search path element vulnerability in Samsung Update, affecting versions prior to 3.0.77.0. The flaw allows local attackers with Samsung Update permission to execute arbitrary code. No exploit details, affected platforms, nor fixed versions are provided bey...
CVE-2022-26337
Trend Micro Password Manager Consumer installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine...
CVE-2021-3840
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPI. MITRE classifies this weakness as...
Type confusion
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPI. MITRE classifies this weakness as...
CVE-2021-3840
CVE-2021-3840 : A dependency confusion flaw in the Antilles open-source software prior to 1.0.1 could allow remote code execution during installation when a package listed in requirements.txt does not exist in PyPI. The issue is categorized as CWE-427 (Uncontrolled Search Path Element) where a pr...
Delta Electronics DIALink
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIALink Vulnerabilities: Cleartext Transmission of Sensitive Information, Cross-site Scripting, Improper Neutralization of Formula Elements in a CSV File, Cleartext Storage...
CVE-2021-35982
CVE-2021-35982 affects Adobe Acrobat Reader DC and related products, with an Uncontrolled Search Path Element leading to DLL hijacking and arbitrary code execution in the current user context. Root cause: vulnerable DLL search path handling enables a local attacker with non-administrative privile...
Adobe Acrobat < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55)
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2017.011.30202, 2020.004.30015, or 2021.007.20091. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199...
Adobe Reader < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55)
The version of Adobe Reader installed on the remote Windows host is a version prior to 2017.011.30202, 2020.004.30015, or 2021.007.20091. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199...
CVE-2021-22775
GP-Pro EX, V4.09.250 and earlier, are affected by CWE-427: Uncontrolled Search Path Element. The issue stems from failure to properly filter special elements in the software’s search path, potentially enabling local code execution with elevated privileges during installation. Impact: local code e...
CVE-2021-28594
The CVE-2021-28594 entry concerns Adobe Creative Cloud Desktop Application installer (2.4 and earlier). The vulnerability is an Uncontrolled Search Path Element in the installer, allowing arbitrary code execution in the current user context. Exploitation requires user interaction (victim opens a ...
CVE-2021-28636
CVE-2021-28636 is an Uncontrolled Search Path Element vulnerability in Adobe Acrobat Reader DC. Affected products include Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier), and 2017.011.30197 (and earlier). The underlying issue is an unsafely chosen search path...
CVE-2021-28595
Adobe Dimension 3.4 and earlier are affected by an Uncontrolled Search Path Element vulnerability that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The issue is addressed in APSB21-40 with a patch likel...
CVE-2021-28636
Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code...
CVE-2021-3423
CVE-2021-3423 describes an uncontrolled search path element issue in the OpenSSL usage within Bitdefender GravityZone Business Security that enables local privilege escalation by loading a third-party DLL. Affected versions are GravityZone Business Security prior to 6.6.23.329. The root cause is ...
Bitdefender GravityZone Business Security Code Issue Vulnerability
Bitdefender GravityZone Business is a scanning application from the American company Bitdefender. A code issue vulnerability exists in Bitdefender GravityZone Business Security prior to version 6.6.23.329, which stems from an uncontrolled search path element vulnerability in the...