CWE-427

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.

A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the –plugin flag without the –plugin-path flag. This vulnerability appears to have been fixed in 1.27.1.