VYPR

CWE-427

Uncontrolled Search Path Element

BaseDraft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

page 15 of 19
  • CVE-2024-38387MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-37024MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-35245MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-34167MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-34165MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-34164MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-34028MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-31407MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-28950MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-28881MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-26017MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-23312MedNov 13, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-8766MedSep 16, 2024
    risk 0.44cvss 6.7epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169.

  • CVE-2024-28953MedAug 14, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-22376MedAug 14, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-21857MedAug 14, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-21769MedAug 14, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-21766MedAug 14, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-22379MedMay 16, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-21843MedMay 16, 2024
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access.