CWE-427
Uncontrolled Search Path Element
BaseDraft
Description
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-38 · CAPEC-471
CVEs mapped to this weakness (303)
page 12 of 16| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-20043 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2025-20041 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2025-20015 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-47800 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-47795 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-46895 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-39833 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-31073 | Med | 0.44 | 6.7 | 0.00 | May 13, 2025 | Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-47006 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-42492 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002 may allow a privileged user to potentially enable escalation of privilege via local access. | |
| CVE-2024-42405 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-39813 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-39372 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-39365 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-36291 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path for some Intel(R) Chipset Software Installation Utility before version 10.1.19867.8574 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-36283 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path for the Intel(R) Thread Director Visualizer software before version 1.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-36280 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path for some Intel(R) High Level Synthesis Compiler software before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-32938 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path for some Intel(R) MPI Library for Windows software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-24852 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versions 29.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-21830 | Med | 0.44 | 6.7 | 0.00 | Feb 12, 2025 | Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |