Lucene search
+L

203 matches found

BDU FSTEC
BDU FSTEC
added 2023/01/23 12:0 a.m.7 views

The vulnerability of Zoom video conferencing software relates to an uncontrolled search path element, allowing attackers to elevate their privileges to that of the SYSTEM user.

The vulnerability of Zoom video conferencing software is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a hacker to elevate their privileges to that of the SYSTEM user...

8.2CVSS7.2AI score0.00466EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/01/12 5:15 p.m.15 views

Code injection

Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1...

4.4CVSS7.6AI score0.00403EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/01/12 12:0 a.m.67 views

CVE-2023-0247

CVE-2023-0247 affects the Go library bits-and-blooms/bloom, with versions prior to 3.3.1 vulnerable to an Uncontrolled Search Path Element. The issue originates from how the application resolves search paths, enabling potential path hijacking. Affected product/version: bits-and-blooms/bloom befor...

7.8CVSS7.6AI score0.00403EPSS
Exploits1References2Affected Software1
ICS
ICS
added 2022/11/22 12:0 a.m.45 views

AVEVA Edge

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Edge Vulnerabilities: Uncontrolled Search Path Element, Exposure of Sensitive Information to an Unauthorized Actor, Uncontrolled Resource Consumption, Improper Access Control, Windows...

9.8CVSS8.4AI score0.01199EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.5 views

NEC Expresscluster X 代码问题漏洞

NEC Expresscluster X is a specialized high availability cluster software from Nippon Electric NEC. It is used to enable fast restore functions and continuously protect critical applications and data. A security vulnerability exists in NEC Expresscluster X 5.0 for Windows and prior versions,...

9.8CVSS8.6AI score0.01187EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/08/31 3:33 p.m.27 views

CVE-2022-2006 AutomationDirect C-more EA9 HMI Uncontrolled Search Path Element

AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to...

7.8CVSS7.8AI score0.00337EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/07/27 8:23 p.m.7 views

CVE-2021-38410 AVEVA PCS Portal Uncontrolled Search Path Element

AVEVA Software Platform Common Services PCS Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path...

7.3CVSS7.6AI score0.00215EPSS
Exploits0References2
ICS
ICS
added 2022/06/16 12:0 a.m.48 views

AutomationDirect C-More EA9 HMI

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-more EA9 HMI Vulnerabilities: Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these...

8.3AI score
Exploits0References4
CVE
CVE
added 2022/04/11 7:37 p.m.82 views

CVE-2022-28541

CVE-2022-28541 describes an Uncontrolled search path element vulnerability in Samsung Update, affecting versions prior to 3.0.77.0. The flaw allows local attackers with Samsung Update permission to execute arbitrary code. No exploit details, affected platforms, nor fixed versions are provided bey...

7.8CVSS7.9AI score0.00369EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/03/08 10:15 p.m.4 views

CVE-2022-26337

Trend Micro Password Manager Consumer installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine...

7.8CVSS7.1AI score0.00672EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/08 9:55 p.m.32 views

CVE-2022-26337

Trend Micro Password Manager Consumer installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine...

7.8AI score0.00672EPSS
Exploits0References1
OSV
OSV
added 2021/11/12 10:15 p.m.12 views

CVE-2021-3840

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...

8.8CVSS8.9AI score
Exploits0References1
Prion
Prion
added 2021/11/12 10:15 p.m.12 views

Type confusion

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...

6.8CVSS8.9AI score0.01971EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/11/12 10:5 p.m.74 views

CVE-2021-3840

CVE-2021-3840 : A dependency confusion flaw in the Antilles open-source software prior to 1.0.1 could allow remote code execution during installation when a package listed in requirements.txt does not exist in PyPI. The issue is categorized as CWE-427 (Uncontrolled Search Path Element) where a pr...

8.8CVSS8.8AI score0.01971EPSS
Exploits0References1Affected Software1
ICS
ICS
added 2021/10/21 12:0 a.m.90 views

Delta Electronics DIALink

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIALink Vulnerabilities: Cleartext Transmission of Sensitive Information, Cross-site Scripting, Improper Neutralization of Formula Elements in a CSV File, Cleartext Storage...

8.8CVSS7AI score0.12337EPSS
Exploits0References5
CVE
CVE
added 2021/09/29 3:36 p.m.107 views

CVE-2021-35982

CVE-2021-35982 affects Adobe Acrobat Reader DC and related products, with an Uncontrolled Search Path Element leading to DLL hijacking and arbitrary code execution in the current user context. Root cause: vulnerable DLL search path handling enables a local attacker with non-administrative privile...

7.3CVSS7.3AI score0.01716EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/09/14 12:0 a.m.83 views

Adobe Reader < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55)

The version of Adobe Reader installed on the remote Windows host is a version prior to 2017.011.30202, 2020.004.30015, or 2021.007.20091. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199...

7.8CVSS7AI score0.76055EPSS
Exploits1References29
Tenable Nessus
Tenable Nessus
added 2021/09/14 12:0 a.m.47 views

Adobe Acrobat < 2017.011.30202 / 2020.004.30015 / 2021.007.20091 Multiple Vulnerabilities (APSB21-55)

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2017.011.30202, 2020.004.30015, or 2021.007.20091. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199...

7.8CVSS7AI score0.76055EPSS
Exploits1References29
CVE
CVE
added 2021/09/02 4:52 p.m.44 views

CVE-2021-22775

GP-Pro EX, V4.09.250 and earlier, are affected by CWE-427: Uncontrolled Search Path Element. The issue stems from failure to properly filter special elements in the software’s search path, potentially enabling local code execution with elevated privileges during installation. Impact: local code e...

7.8CVSS7.7AI score0.00328EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/08/24 6:18 p.m.67 views

CVE-2021-28594

The CVE-2021-28594 entry concerns Adobe Creative Cloud Desktop Application installer (2.4 and earlier). The vulnerability is an Uncontrolled Search Path Element in the installer, allowing arbitrary code execution in the current user context. Exploitation requires user interaction (victim opens a ...

9.3CVSS7.7AI score0.02689EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder