CWE-426
Untrusted Search Path
BaseStableLikelihood: High
Description
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-38
CVEs mapped to this weakness (241)
page 13 of 13| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-3357 | 0.00 | — | 0.00 | Aug 5, 2008 | Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability." |