CWE-427
Uncontrolled Search Path Element
Description
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-38 · CAPEC-471
CVEs mapped to this weakness (377)
page 15 of 19| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38387 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-37024 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-35245 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-34167 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-34165 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-34164 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-34028 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-31407 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-28950 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-28881 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-26017 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-23312 | Med | 0.44 | 6.7 | 0.00 | Nov 13, 2024 | Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-8766 | Med | 0.44 | 6.7 | 0.00 | Sep 16, 2024 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169. | ||
| CVE-2024-28953 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-22376 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-21857 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-21769 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-21766 | Med | 0.44 | 6.7 | 0.00 | Aug 14, 2024 | Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-22379 | Med | 0.44 | 6.7 | 0.00 | May 16, 2024 | Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-21843 | Med | 0.44 | 6.7 | 0.00 | May 16, 2024 | Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access. |
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.44cvss 6.7epss 0.00
Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access.