VYPR

CWE-427

Uncontrolled Search Path Element

BaseDraft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

page 14 of 19
  • CVE-2025-20041MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-20015MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-47800MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-47795MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-46895MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-39833MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-31073MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-47006MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-42492MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-42405MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-39813MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-39372MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-39365MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-36291MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Chipset Software Installation Utility before version 10.1.19867.8574 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-36283MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for the Intel(R) Thread Director Visualizer software before version 1.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-36280MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) High Level Synthesis Compiler software before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-32938MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) MPI Library for Windows software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-24852MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versions 29.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-21830MedFeb 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-49592MedNov 15, 2024
    risk 0.44cvss 6.7epss 0.00

    Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called…