CWE-427
Uncontrolled Search Path Element
BaseDraft
Description
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-38 · CAPEC-471
CVEs mapped to this weakness (303)
page 13 of 16| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-49592 | Med | 0.44 | 6.7 | 0.00 | Nov 15, 2024 | Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2024-38387 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-37024 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-35245 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-34167 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-34165 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-34164 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-34028 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-31407 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-28950 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-28881 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-26017 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-23312 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-8766 | Med | 0.44 | 6.7 | 0.00 | Sep 16, 2024 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169. | |
| CVE-2024-28953 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-22376 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-21857 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-21769 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-21766 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-22379 | Med | 0.44 | 6.7 | 0.00 | May 16, 2024 | Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |