CWE-427 - Uncontrolled Search Path Element

Description

    This weakness occurs when application uses fixed or controlled search path to find resources but one or more locations of the path are under control of malicious user.
    It is frequently introduced when a product uses a directory search path to find executables or code libraries, but the path contains a directory that can be modified by an attacker, such as "/tmp" or the current working directory.
   If an attacker gains control over one of the locations that is searched by the system, he can place a malicious library with the corresponding name into this directory and the library will be loaded by the application.
The weakness is introduced during Implementation stage.

Latest vulnerabilities for CWE-427

Multiple vulnerabilities in Oracle Enterprise Manager for Fusion Middleware 2024-04-17
High Yes
Insecure DLL loading in KEYENCE CORPORATION VT STUDIO 2024-04-02
High Yes
Insecure DLL loading in Fujidenolo Solutions SonicDICOM Media Viewer 2024-03-27
High Yes
Insecure DLL loading in EasyRange 2024-03-25
High No
Insecure DLL loading in Microsoft Windows OLE 2024-03-12
High Yes
Insecure DLL loading in Microsoft Exchange Server 2024-03-12
High Yes
Insecure DLL loading in Western Digital SanDisk PrivateAccess Desktop App for Windows 2024-03-08
High Yes
Multiple vulnerabilities in SKYSEA Client View 2024-03-07
Low Yes
Insecure DLL loading in Cisco Secure Client for Linux 2024-03-07
Low Yes
Insecure DLL loading in Delta Electronics CNCSoft-B and DOPSoft 2024-02-23
High Yes

References

Description of CWE-427 on Mitre website