Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7279

Summary
Assigner-trellix
Assigner Org ID-01626437-bf8f-4d1c-912a-893b5eb04808
Published At-10 Jun, 2020 | 11:17
Updated At-16 Sep, 2024 | 20:36
Rejected At-
Credits

DLL search order hijacking in Host IPS

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:trellix
Assigner Org ID:01626437-bf8f-4d1c-912a-893b5eb04808
Published At:10 Jun, 2020 | 11:17
Updated At:16 Sep, 2024 | 20:36
Rejected At:
â–¼CVE Numbering Authority (CNA)
DLL search order hijacking in Host IPS

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.

Affected Products
Vendor
McAfee, LLCMcAfee, LLC
Product
McAfee Host Intrusion Prevention System (Host IPS) for Windows
Versions
Affected
  • From 8.0.x before 8.0.0 Patch 15 update (custom)
Problem Types
TypeCWE IDDescription
CWECWE-426CWE-426: Untrusted Search Path
Type: CWE
CWE ID: CWE-426
Description: CWE-426: Untrusted Search Path
Metrics
VersionBase scoreBase severityVector
3.14.6MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://kc.mcafee.com/corporate/index?page=content&id=SB10320
x_refsource_CONFIRM
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10320
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://kc.mcafee.com/corporate/index?page=content&id=SB10320
x_refsource_CONFIRM
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10320
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:trellixpsirt@trellix.com
Published At:10 Jun, 2020 | 12:15
Updated At:07 Nov, 2023 | 03:25

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.14.6MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
Primary2.04.4MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
Type: Primary
Version: 2.0
Base score: 4.4
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:-:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p1:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p10:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p11:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p12:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p13:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p14:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p15:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p2:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p3:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p4:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p5:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p6:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p7:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p8:*:*:*:windows:*:*
McAfee, LLC
mcafee
>>host_intrusion_prevention>>8.0.0
cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p9:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-426Primarynvd@nist.gov
CWE-426Secondarytrellixpsirt@trellix.com
CWE ID: CWE-426
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-426
Type: Secondary
Source: trellixpsirt@trellix.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://kc.mcafee.com/corporate/index?page=content&id=SB10320trellixpsirt@trellix.com
N/A
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10320
Source: trellixpsirt@trellix.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

173Records found

CVE-2018-6700
Matching Score-10
Assigner-Trellix
ShareView Details
Matching Score-10
Assigner-Trellix
CVSS Score-7.5||HIGH
EPSS-0.94% / 56.51%
||
7 Day CHG~0.00%
Published-24 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
True Key (TK) - DLL Search Order Hijacking vulnerability

DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.

Action-Not Available
Vendor-McAfee, LLC
Product-true_keyTrue Key (TK)
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6661
Matching Score-10
Assigner-Trellix
ShareView Details
Matching Score-10
Assigner-Trellix
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.51%
||
7 Day CHG~0.00%
Published-02 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TS102801 True Key DLL Side-Loading vulnerability

DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowstrue_keyTrue Key
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-7260
Matching Score-10
Assigner-Trellix
ShareView Details
Matching Score-10
Assigner-Trellix
CVSS Score-7.3||HIGH
EPSS-0.41% / 32.87%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 10:55
Updated-17 Sep, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MACC installer DLL side loading

DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.

Action-Not Available
Vendor-McAfee, LLC
Product-application_and_change_controlMcafee Application and Change Control (MACC)
CWE ID-CWE-264
Not Available
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-43751
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 12.43%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-total_protectionn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-1824
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-7.9||HIGH
EPSS-0.35% / 26.79%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:15
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
McAfee MCPR privilege escalation

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary code as there were insufficient checks on the executable being signed by McAfee.

Action-Not Available
Vendor-McAfee, LLC
Product-consumer_product_removal_toolMcAfee Consumer Product Removal Tool
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2018-6707
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-3.7||LOW
EPSS-0.33% / 25.33%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
McAfee Agent Insecure usage of temporary files vulnerability

Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent (MA) non-Windows non-Windows versions
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-0859
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 10.19%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 14:20
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ePO database restoration vulnerability

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.

Action-Not Available
Vendor-McAfee, LLC
Product-epolicy_orchestratorMcAfee ePolicy Orchestrator (ePO)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-31854
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-7.7||HIGH
EPSS-1.02% / 59.07%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:00
Updated-24 Feb, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code injection vulnerability in McAfee Agent

A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent for Windows
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-8032
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.29% / 21.24%
||
7 Day CHG~0.00%
Published-31 Mar, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.

Action-Not Available
Vendor-McAfee, LLCIntel Corporation
Product-anti-malware_scan_engineAnti-Virus Engine (AVE)
CWE ID-CWE-284
Improper Access Control
CVE-2016-8031
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.36% / 28.33%
||
7 Day CHG~0.00%
Published-28 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.

Action-Not Available
Vendor-McAfee, LLCIntel Corporation
Product-anti-malware_scan_engineAnti-Virus Engine (AVE)
CVE-2016-1834
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-4.64% / 90.61%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.McAfee, LLClibxml2 (XMLSoft)Red Hat, Inc.Debian GNU/Linux
Product-libxml2debian_linuxubuntu_linuxmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopweb_gatewayenterprise_linux_server_eusiphone_osenterprise_linux_server_austvoswatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2019-3595
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-2||LOW
EPSS-0.71% / 49.05%
||
7 Day CHG~0.00%
Published-24 Jul, 2019 | 14:28
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLP Endpoint ePO extension not sanitizing CSV exports

Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute.

Action-Not Available
Vendor-McAfee, LLC
Product-data_loss_prevention_endpointDLP Endpoint ePO extension
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-31840
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-7.3||HIGH
EPSS-0.35% / 26.75%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 16:20
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL preload vulnerability in McAfee Agent for Windows

A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code.

Action-Not Available
Vendor-McAfee, LLC
Product-mcafee_agentMcAfee Agent for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-31847
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-8.2||HIGH
EPSS-0.39% / 30.56%
||
7 Day CHG~0.00%
Published-22 Sep, 2021 | 13:25
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper privilege management in repair process of MA for Windows

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent for Windows
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-9484
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7||HIGH
EPSS-56.64% / 98.94%
||
7 Day CHG~0.00%
Published-20 May, 2020 | 18:26
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectMcAfee, LLCThe Apache Software FoundationopenSUSEOracle CorporationCanonical Ltd.
Product-communications_diameter_signaling_routerubuntu_linuxepolicy_orchestratorsiebel_apps_-_marketingsiebel_ui_frameworkcommunications_session_route_managercommunications_session_report_managerdatabasecommunications_instant_messaging_serveragile_plmagile_engineering_data_managementcommunications_cloud_native_core_policymanaged_file_transferdebian_linuxretail_order_brokermysql_enterprise_monitorinstantis_enterprisetrackfedoratransportation_managementhospitality_guest_accesscommunications_cloud_native_core_binding_support_functiontomcatcommunications_element_managerfmw_platformworkload_managerleapApache Tomcat
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-7335
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.70%
||
7 Day CHG~0.00%
Published-01 Dec, 2020 | 08:50
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation vulnerability in McAfee Total Protection (MTP)

Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window.

Action-Not Available
Vendor-McAfee, LLC
Product-total_protectionMcAfee Total Protection (MTP)
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-3667
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-6.6||MEDIUM
EPSS-0.34% / 25.41%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 06:25
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Search Order Hijacking

DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.

Action-Not Available
Vendor-McAfee, LLC
Product-techcheckMcAfee TechCheck
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-3613
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-5.9||MEDIUM
EPSS-0.36% / 28.26%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 11:12
Updated-16 Sep, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL search order hijacking in MA

DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent (MA)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2015-3987
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.47% / 37.46%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-epo_deep_commandn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-31841
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-8.2||HIGH
EPSS-0.23% / 14.17%
||
7 Day CHG~0.00%
Published-22 Sep, 2021 | 13:25
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL side loading vulnerability in MA for Windows

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.

Action-Not Available
Vendor-McAfee, LLC
Product-mcafee_agentMcAfee Agent for Windows
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-7315
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-6||MEDIUM
EPSS-0.47% / 37.12%
||
7 Day CHG~0.00%
Published-10 Sep, 2020 | 09:55
Updated-16 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Injection vulnerability in MA for Windows

DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.

Action-Not Available
Vendor-McAfee, LLC
Product-mcafee_agentMA for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-3648
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-6.1||MEDIUM
EPSS-0.66% / 47.09%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 08:55
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Implicit loading of DLLs

A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.

Action-Not Available
Vendor-McAfee, LLC
Product-anti-virus_plusinternet_securitytotal_protectionMcAfee Total Protection
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-3587
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-7.2||HIGH
EPSS-1.37% / 68.64%
||
7 Day CHG~0.00%
Published-23 Jan, 2019 | 15:00
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Search Order Hijacking vulnerability

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowstotal_protectionTotal Protection (MTP)
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-3646
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-6.9||MEDIUM
EPSS-1.48% / 70.75%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 13:05
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.

Action-Not Available
Vendor-McAfee, LLC
Product-total_protectionMcAfee Total Protection - Free Antivirus Trial
CWE ID-CWE-714
Not Available
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-17099
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 46.73%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:23
Updated-16 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)

An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.

Action-Not Available
Vendor-Bitdefender
Product-endpoint_security_toolsEPSecurityService.exe
CWE ID-CWE-426
Untrusted Search Path
CVE-2025-21365
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.92% / 55.83%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelMicrosoft Office LTSC 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-20123
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-1.17% / 63.61%
||
7 Day CHG+0.17%
Published-30 Jun, 2022 | 05:05
Updated-15 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Viscosity DLL untrusted search path

A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-sparklabsunspecifiedMicrosoft Corporation
Product-windowsviscosityViscosity
CWE ID-CWE-426
Untrusted Search Path
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2013-3494
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.8||HIGH
EPSS-1.59% / 72.75%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 15:14
Updated-06 Aug, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code.

Action-Not Available
Vendor-umplayer_projectUMPlayer
Product-umplayerUMPlayer
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-41953
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-6.80% / 93.21%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 21:03
Updated-10 Mar, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Git clone remote code execution vulnerability in git-for-windows

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources.

Action-Not Available
Vendor-git-scmgit-for-windowsMicrosoft Corporation
Product-windowsgitgit
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-17100
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-5.2||MEDIUM
EPSS-0.34% / 26.02%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 13:55
Updated-17 Sep, 2024 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Search Path vulnerability in Bitdefender Total Security 2020 (VA-5895)

An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69.

Action-Not Available
Vendor-Bitdefender
Product-total_security_2020bdserviceshost.exe
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2130
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.74% / 74.90%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-securebrainSecureBrain Corporation
Product-phishwall_clientThe installer of PhishWall Client Internet Explorer version
CWE ID-CWE-426
Untrusted Search Path
CVE-2025-12793
Matching Score-4
Assigner-ASUSTeK Computer Incorporation
ShareView Details
Matching Score-4
Assigner-ASUSTeK Computer Incorporation
CVSS Score-8.5||HIGH
EPSS-0.11% / 1.80%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 02:14
Updated-28 Jan, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS Security Advisory for more information.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-myasusASCI
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-12892
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 22.19%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 18:39
Updated-16 Sep, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-426
Untrusted Search Path
CVE-2012-1854
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-21.03% / 97.27%
||
7 Day CHG~0.00%
Published-10 Jul, 2012 | 21:00
Updated-22 Apr, 2026 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-04-27||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_basic_for_applications_sdkofficevisual_basic_for_applicationsn/aVisual Basic for Applications (VBA)
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-53819
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.30% / 21.50%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 20:10
Updated-23 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill setup to compromise the system.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-8801
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.39% / 30.44%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesmac_os_xiTunes for WindowsmacOS
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-6473
Matching Score-4
Assigner-Yandex N.V.
ShareView Details
Matching Score-4
Assigner-Yandex N.V.
CVSS Score-8.4||HIGH
EPSS-0.71% / 49.01%
||
7 Day CHG-0.01%
Published-03 Sep, 2024 | 10:35
Updated-05 Sep, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking in Yandex Browser

Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.

Action-Not Available
Vendor-yandexYandexyandex
Product-yandex_browserBrowseryandex_browser
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-31012
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.38% / 29.70%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:35
Updated-23 Apr, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Git for Windows' installer can be tricked into executing an untrusted binary

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`.

Action-Not Available
Vendor-gitforwindowsgit-for-windows
Product-gitgit
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-49515
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.16%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 20:02
Updated-04 Dec, 2024 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Painter | Untrusted Search Path (CWE-426)

Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-426
Untrusted Search Path
CVE-2010-3190
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-9.04% / 94.65%
||
7 Day CHG~0.00%
Published-31 Aug, 2010 | 19:25
Updated-28 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-visual_c\+\+visual_studio_.netitunesvisual_studion/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-26488
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-1.36% / 68.46%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 17:26
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.

Action-Not Available
Vendor-n/aNetApp, Inc.Microsoft CorporationPython Software Foundation
Product-windowspythonactive_iq_unified_managerontap_select_deploy_administration_utilityn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-49043
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.59% / 43.86%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:53
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2016sql_server_2019sql_server_2022sql_server_2017Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 (CU 29)Microsoft SQL Server 2022 for (CU 15)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-47422
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.34% / 25.59%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 14:29
Updated-18 Oct, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Framemaker | Untrusted Search Path (CWE-426)

Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly execute. This could allow the attacker to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-framemakerwindowsAdobe Framemakerframemaker
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-24826
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.08% / 79.26%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 23:35
Updated-23 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Git LFS can execute a binary from the current directory on Windows

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious repository contains files named `..exe` and `cygpath.exe`, and `cygpath.exe` is not found in `PATH`, the `..exe` program will be executed when certain Git LFS commands are run. More generally, if the current working directory contains any file with a base name of `.` and a file extension from `PATHEXT` (except `.bat` and `.cmd`), and also contains another file with the same base name as a program Git LFS intends to execute (such as `git`, `cygpath`, or `uname`) and any file extension from `PATHEXT` (including `.bat` and `.cmd`), then, on Windows, when Git LFS attempts to execute the intended program the `..exe`, `..com`, etc., file will be executed instead, but only if the intended program is not found in any directory listed in `PATH`. The vulnerability occurs because when Git LFS detects that the program it intends to run does not exist in any directory listed in `PATH` then Git LFS passes an empty string as the executable file path to the Go `os/exec` package, which contains a bug such that, on Windows, it prepends the name of the current working directory (i.e., `.`) to the empty string without adding a path separator, and as a result searches in that directory for a file with the base name `.` combined with any file extension from `PATHEXT`, executing the first one it finds. (The reason `..bat` and `..cmd` files are not executed in the same manner is that, although the Go `os/exec` package tries to execute them just as it does a `..exe` file, the Microsoft Win32 API `CreateProcess()` family of functions have an undocumented feature in that they apparently recognize when a caller is attempting to execute a batch script file and instead run the `cmd.exe` command interpreter, passing the full set of command line arguments as parameters. These are unchanged from the command line arguments set by Git LFS, and as such, the intended program's name is the first, resulting in a command line like `cmd.exe /c git`, which then fails.) Git LFS has resolved this vulnerability by always reporting an error when a program is not found in any directory listed in `PATH` rather than passing an empty string to the Go `os/exec` package in this case. The bug in the Go `os/exec` package has been reported to the Go project and is expected to be patched after this security advisory is published. The problem was introduced in version 2.12.1 and is patched in version 3.1.3. Users of affected versions should upgrade to version 3.1.3. There are currently no known workarounds at this time.

Action-Not Available
Vendor-git_large_file_storage_projectgit-lfs
Product-git_large_file_storagegit-lfs
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-23748
Matching Score-4
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-4
Assigner-Check Point Software Ltd.
CVSS Score-7.8||HIGH
EPSS-9.09% / 94.68%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 00:00
Updated-24 Oct, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-27||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

Action-Not Available
Vendor-audinaten/aAudinateMicrosoft Corporation
Product-dante_application_librarywindowsAudinate Dante Application Library for WindowsDante Discovery
CWE ID-CWE-114
Process Control
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-43616
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.73% / 49.94%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office LTSC 2024Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2019
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-41865
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.34% / 25.43%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:55
Updated-19 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Dimension Untrusted Search Path lead to load malicious DLL swift.dll

Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur if the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-dimensionDimensiondimension
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-36507
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.28% / 19.99%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:53
Updated-14 Nov, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlientFortiClientWindowsforticlientwindows
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-30100
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.18% / 63.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:00
Updated-17 Dec, 2025 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-24810
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-0.24% / 14.31%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 02:39
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.

Action-Not Available
Vendor-firegiantwixtoolsetfiregiant
Product-wix_toolsetissueswix_toolset
CWE ID-CWE-426
Untrusted Search Path
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found