Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-31694

Summary
Assigner-vmware
Assigner Org ID-dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At-18 Nov, 2022 | 00:00
Updated At-29 Apr, 2025 | 14:25
Rejected At-
Credits

InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:vmware
Assigner Org ID:dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At:18 Nov, 2022 | 00:00
Updated At:29 Apr, 2025 | 14:25
Rejected At:
▼CVE Numbering Authority (CNA)

InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL.

Affected Products
Vendor
n/a
Product
VMware InstallBuilder
Versions
Affected
  • All InstallBuilder for Qt versions prior to version 22.10.0
Problem Types
TypeCWE IDDescription
textN/AUncontrolled Search Path Element
Type: text
CWE ID: N/A
Description: Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blog.installbuilder.com/2022/11/installbuilder-22100-released.html
N/A
Hyperlink: https://blog.installbuilder.com/2022/11/installbuilder-22100-released.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blog.installbuilder.com/2022/11/installbuilder-22100-released.html
x_transferred
Hyperlink: https://blog.installbuilder.com/2022/11/installbuilder-22100-released.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427 Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427 Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@vmware.com
Published At:18 Nov, 2022 | 23:15
Updated At:29 Apr, 2025 | 15:15

InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches
installbuilder
installbuilder
>>installbuilder>>Versions before 22.10.0(exclusive)
cpe:2.3:a:installbuilder:installbuilder:*:*:*:*:*:qt:*:*
Weaknesses
CWE IDTypeSource
CWE-427Primarynvd@nist.gov
CWE-427Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-427
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-427
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blog.installbuilder.com/2022/11/installbuilder-22100-released.htmlsecurity@vmware.com
Release Notes
Vendor Advisory
https://blog.installbuilder.com/2022/11/installbuilder-22100-released.htmlaf854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
Hyperlink: https://blog.installbuilder.com/2022/11/installbuilder-22100-released.html
Source: security@vmware.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://blog.installbuilder.com/2022/11/installbuilder-22100-released.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

129Records found
CVE-2023-39254
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.54%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 12:43
Updated-31 Jan, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.

Action-Not Available
Vendor-Dell Inc.
Product-update_package_frameworkDUP Frameworkupdate_package_framework
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-21206
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.45% / 62.67%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-12 Mar, 2025 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Installer Elevation of Privilege Vulnerability

Visual Studio Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022visual_studio_2019visual_studio_2017Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-32660
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 35.92%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-thunderbolt_3_controller_firmwarenuc_kit_nuc6i7kykIntel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation softwareintel_nuc_kit_nuc6i7kyk_thunderbolt_3_frimware_update_tool_installation_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-31027
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-8.2||HIGH
EPSS-0.03% / 5.84%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-12 Sep, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming drivergpu_display_driver
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-31361
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.10%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 20:07
Updated-12 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AIM-T (AMD Integrated Management Technology) software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-31016
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.50%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:36
Updated-06 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming drivergpu_display_driver
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-31348
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.85%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:57
Updated-12 Dec, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-uprofμProf Tooluprof_tool
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-28823
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.42%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-15 Oct, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_rendering_toolkitdpc\+\+_compatibility_tooloneapi_dpc\+\+\/c\+\+_compileroneapi_data_analytics_libraryosprayoneapi_toolkit_and_component_software_installeroneapi_iot_toolkitimplicit_spmd_program_compilervtune_profiler_for_oneapiopen_image_denoiseoneapi_deep_neural_network_libraryoneapi_video_processing_libraryintegrated_performance_primitivesdistribution_for_python_programming_languagefortran_compileroneapi_threading_building_blocksinspector_for_oneapiadvisor_for_oneapicpu_runtime_for_opencl_applicationsoneapi_base_toolkitoneapi_dpc\+\+_library_\(onedpl\)mpi_libraryoneapi_hpc_toolkitoneapi_math_kernel_libraryipp_cryptographytrace_analyzer_and_collectoropen_volume_kernel_libraryospray_studioembree_ray_tracing_kernel_libraryIntel(R) oneAPI Toolkit and component software installers
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-28080
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.45%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:24
Updated-10 Jan, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-27386
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-pathfinder_for_risc-vIntel(R) Pathfinder for RISC-V software
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-48224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.81%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 00:00
Updated-18 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges).

Action-Not Available
Vendor-gbgplcn/a
Product-acuant_acufill_sdkn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-4894
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.3||HIGH
EPSS-0.12% / 32.00%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 20:13
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.

Action-Not Available
Vendor-SamsungHP Inc.
Product-7fq92a\#ab18af51a714z8a_firmwaress256h_firmwaress272q_firmwaress278ass395a_firmwaress388kst682a_firmwaress383f_firmwaress359ess150t8af50a_firmwaress211c_firmwaress213ess395c_firmwaress365g_firmware7fr04a\#ab1ss344b_firmwaress152a_firmwaress272c_firmwaress370a_firmware7gf50a\#ab1209u7ass196fss365j_firmwarest686css042d_firmwaress150p_firmwaress108j_firmwaress204ess103a_firmwarest690css272n_firmwaresv531ass404q3b0c3a\#ab1_firmwarest695b_firmware7gf55a\#ab1_firmwaress196g_firmwaress106j_firmwaress339fss204dss210j_firmwaress076sss076d_firmwaress342d_firmwaress229fss389z_firmwaress154a_firmwaress343e_firmwaress397q_firmwaress326est679h_firmwaress370ass256kst694ass357a_firmwaress150j_firmware6hu09a_firmwaress334ess352h_firmwaress365lss389z7gf53a\#ab1_firmwaress276bss341ass268a_firmwaress075bss150lss106lss327css272d_firmwarest688jss196f_firmwaress041jss075kss287a_firmwaress256tss383h_firmware3a9x2a\#301ss389mss396c_firmware715a6a715a3ass153f_firmwaress256n_firmwaress359hss105gss256p_firmwaress355a3a9x1a\#ab1ss210c_firmwaress378d_firmwaress271lss218h_firmwaress353ass229c_firmwaress335fss216v_firmwaress042fss153kss257l_firmwaress256m_firmwaress027lss272nss108k_firmwarest688g_firmwaress255c_firmwaress058b_firmwaress336a_firmwaress271ass042b_firmware7fq87a\#ab1ss076k3a9x3a\#ab1_firmware3b0c0a\#301_firmwaress107j_firmwaresw192a_firmwarest688e_firmware8pa11a\#301_firmwaress325ass350ass395mss058a_firmware4zb93ass076e_firmwaress150q_firmwaress205p_firmware7ab26a_firmwaress273b_firmwaress397lss369a_firmware7fq89a\#ab1_firmwaress349ass216hss150k_firmwaress383v4zb89ass058g_firmware3b0c9a\#304_firmwaress044jss204f_firmwaress280ass044k_firmwaress340c_firmwaress389gss369d_firmwaress275a_firmwaress334c_firmwaress384ass229ess389pss388fss395g_firmwaress383p_firmwaress335e_firmwarest687ass076l_firmwaress395pss058gss150bss398dss352mss352k_firmwaress385ass213gss272e_firmwaress348a_firmwaress216jss216q_firmwaress049dss033j3a9x3a\#ab1ss229gst682ast694dss236ass254css229f_firmwaress334d_firmwaress388lst688css368h_firmwaress216sss076w_firmwaress386fss359fss272f_firmwaress352ess257e_firmwaress105b_firmwaress218css353c_firmwaress392css365fss218j_firmwaress368css404jss398css229hss257c_firmwaress328a_firmwaress205l_firmwaress234ass382a_firmwaress210ass105dss365mss042bss033lss149a_firmwaress359h_firmwaress323ass195ass359kss198a_firmwaress384dss229j_firmwaress108ass229css218ass229h_firmwaress383q_firmware7fq92a\#ab1_firmwaress383a_firmwaress341a_firmwaress211k_firmwaress108f_firmwaress150t_firmwaress236a_firmwaress388f_firmwaress076d3b0c6a\#312_firmwaress150g7gf48a\#ab1_firmwaress195a_firmwaress237a_firmwaress075b_firmware715a1ass349c_firmwaress230q_firmware3b0c5a\#ab1ss368ess273bss254bss216k_firmware715a2a_firmwaress365d_firmwaress044bss257jst673a_firmwaress211j_firmwaress335a_firmwaress383uss389lss230f_firmwaress027k7gf54a\#ab1_firmwaress043gss076q2zn50a_firmwaress033l_firmwaress378fss212a_firmwaress211d_firmwaress389b_firmwaress210e_firmwaress104ass229e_firmwaress108h_firmwaress211jss108gss389h_firmwaress261ass393bss369bss326e_firmwaress343fss272bss353g_firmwaress076j3a9x4a\#ab1ss204jss218hss150css378dss076v_firmwaress383nss219e_firmwarest679b_firmwaress271p_firmwaress213a_firmware3b0c1a\#304ss272l_firmwaress211nss256a_firmwaress044b_firmwarest673dss395e_firmwarest682css033bss152css274ass232ass027f_firmwaress378e_firmwaress076q_firmwaress271q_firmwaress353h_firmware8pa10a\#301ss342ess353d_firmwaress352g_firmwaress369ass404h_firmwaress397kss340css259a4zb85a_firmwaress365gss107b_firmwaress394a_firmwaress230s_firmwaress210m_firmwaress216kss107n_firmwaress043b_firmware4zb79ass365k_firmwaress256f_firmwaress352gss383g_firmwaress327dst686b_firmware715a0a_firmwaress107h_firmwaress392a3a9x8a\#ab1_firmwaress380a_firmwaress349f_firmware4zb83ass218jss377h_firmwaress027jss075j_firmwaress359z_firmwaress150dss204n_firmwaress106h7fq88a\#ab1_firmwaress369ess334f_firmwaress216qss335gss396d_firmwarest693dst690c_firmwaress043j_firmwaress205h_firmwaress076css353dss197ass333ass377bst682b_firmwaress255ass230k_firmwaress150qss398f_firmwaress396hst688a_firmwaress276ass325a_firmwaress027k_firmware4zb87a_firmwaress359e_firmwaress404hst693d_firmwaress041ess058hss256nss106g_firmwaress033h_firmwaress211f_firmwaress216f_firmwaress359f_firmwaress205zst694a_firmwaress058css043d_firmwaress257nss205u3b0c6a\#312ss343g_firmwaress106jss395qss256e_firmware7fq93a\#ab1ss388e_firmwaress352n_firmwaress334dss216lss379ass389v_firmwaress107c_firmware7fq94a\#ab1st686h_firmwaress342a_firmwaress380b_firmwaress076k_firmwarest688bss383u_firmwaress404css379b_firmwaress044d_firmwaress377gss230zss204m_firmwaress271m_firmwaress353f_firmwaress059ess335b4zb96a_firmwaress106k_firmwaress218b_firmwarest693bss150f_firmwaress075d_firmware3a9x1a\#ab1_firmware9vv52a_firmwarest679a_firmware7fq88a\#ab1ss153b_firmwaress049n_firmwaress216p_firmwaress151ass257g_firmwaress256j_firmwaress107k_firmwaress153d_firmwaress383yss257bss404z4zb85ass272m_firmwaress335ess275bss383tss386d_firmwaress152b_firmwaress383z_firmwaress205lss336ass365c_firmwaress041a_firmwaress049m_firmware4zb92ass210m4zb96ass359q_firmwaress327a_firmwaress205f_firmware7fq97a\#ab1_firmwaress343a_firmwarest673ass105h_firmwaress209a_firmwaress213g_firmwaress076s_firmwaress383zst683d_firmwaress282css211h_firmwaress041fss211b3b0c8a\#ab1ss338ass105ess209ass352m_firmwaress254e_firmwaress397b_firmwaress230g_firmwaress230est684a_firmwaress205s_firmwaress033j_firmwaress383y_firmwaress105hw7u02a_firmwaress272a_firmwaress335d_firmwaress211gss368ass384b_firmwaress335f_firmwaress044j_firmware715a1a_firmwaress256l_firmware7fq99a\#ab1_firmwaress377fst683dss150c_firmwaress216gsv899d_firmwaress285a_firmwaress282b_firmwaress058ass404gss049nss150ass044ess105g_firmwaress396css390dss205t_firmwaress351ass389hst689a_firmwaress042css284a_firmwaress339a_firmwaress211hss398e_firmwaress359lss150b_firmwaress210jss386css230m_firmwaress368c_firmwaress272g7fr00a\#ab1ss235a_firmwaress395m_firmwarest695css353j_firmwaress152d_firmwaress397css041hss257a_firmwaress229a_firmwaress218gss230gss378a_firmwaress365jss272zss349c3b0d3a\#301ss255b_firmwaress059e_firmware1vr14a_firmwaress274a_firmwaress388j_firmwaress389dss272jss352q_firmwaress283ass216j_firmwaress272b_firmwaress339ess262a_firmwaress368a_firmwaress389e_firmwarest689ass044css059a_firmwaress404g_firmwaress041f_firmware6hu08ass330ass388l_firmwaress027fss257kss059d_firmwaress335dss378c\#304ss230a_firmwaress210css368d_firmwaress107mss369e_firmwaress058h_firmwaress390hss153gss404k_firmwaress342css339dss257m_firmwarest688h_firmwaress049f_firmware3b0c4a\#301_firmwaress257zss153css383wss041d_firmwaress076j_firmwaress219a_firmwaress266ass365c8af50asv899dss377g_firmwaress257j_firmwaress219a6hu10ass395d_firmwaress075css106sss199ass395hss211kss075d8af51a_firmware7fr00a\#ab1_firmwaress042g_firmwaress108d_firmwaress271bss044fss106ess397a_firmwaress205kss326css049c_firmwaress217ass352sss216m_firmwaress359zss211lss106tss388jss398esv899css404kss042a_firmwaress359n_firmwaress389u_firmware4zb95a3b0d1a\#ab1ss353fsw116bss076lss388css219css354ass398c_firmwarest695ass211b_firmwaress343c_firmwaress059c_firmwaress340ass076pss339e_firmwaress271nss233ass395s_firmwarest695c_firmware714z9a_firmwaress395kss043e_firmwaress210k_firmwaress368hss218e_firmwaress377e_firmware7uq76ass027d_firmwaress265a_firmware3b0d1a\#ab1_firmwarest686d_firmwaress254e715a5a_firmware7zb72a_firmwaress388b_firmwaress108c3b0c4a\#301ss033a_firmwaress352l_firmwaress390bss378gss391b_firmwaress105e_firmwaress058est679ass404z_firmwaress395l_firmwaress359dss327ast686fss205k_firmwaress106e_firmware4zb88a_firmwaress254c_firmwaress281ass277a7uq76a_firmwaress391ess324a_firmwaress076b_firmwaress397bss287b_firmwaress383x_firmwaress076tss196a_firmwaress075jss404dss153bss043l_firmwaress271c_firmwaress272hss076u_firmwaress377kss389q_firmware3b0c5a\#ab1_firmwaress254f_firmwaress383n_firmwaress230d_firmwaress390ess043c_firmwaress395lss230b_firmwaress204kss230pss276a_firmwaress395h_firmware7fq86a\#ab1_firmwarest688c_firmwaress359b_firmwaress353e_firmwaress365b6hu12a_firmwaress353hss343css216b_firmwaress365b_firmwaress391dss205nss205hss256d_firmwaress391c_firmwaress058f_firmwaress340dss332a_firmwaress254d_firmwaress356a_firmwaresw176bss044e_firmwaress339c_firmwaress204l6hu11ass380ass033g_firmwaress196dss106mss271kss216u_firmwaress216nss404l_firmwaress197a_firmware7zb20a_firmwaress348css271pss384a_firmwaress027ass108b_firmwaress256z_firmwaress218bss257dss230c_firmwaress279a2zn49a_firmwaress107qss204d_firmwarest679d_firmwaress393a_firmwaress027gst690d_firmwaress108a_firmware8pa14a\#302sv531a_firmwaress106d_firmwaress075a_firmwaress387a_firmwaress049bss257qss204h_firmware7fq90a\#ab1_firmwaress329ass076uss042dss388gss076hss255a_firmwaress398b_firmwaress330css075g_firmwaress404e_firmwaress102a_firmwaress281bss106fsv901b_firmwaress076ass275c_firmwaress108j715a3a_firmwaress288a6hu08a_firmwaress042a7gf51a\#ab1ss219f_firmwaress106n_firmwaress395dss210d715a6a_firmwaress404q_firmwaress211mss216d_firmware7fq98a\#ab1ss106css033fss195b_firmwaress377jss154ass367css383xss216a_firmwaress076bss334a_firmwarest693b_firmwaress106g8pa13a\#302ss256lss264a_firmwaress205css210g_firmwaress230h_firmwarest683bss106b_firmwaress390fss326dss213h_firmwaress211l_firmwaress027l_firmwaresw176a_firmwaress404b_firmwaress076xss327c_firmwaress027h_firmware8pa12a\#302_firmwaress271jss377p7fq91a\#ab1ss059g_firmwaress369dss271tss404e7fq94a\#ab1_firmwaress043dss343b_firmwaress386bss230p_firmwaress204c_firmwaress076ess383s_firmwaress404a_firmwaress342g_firmwaress365l_firmware7fq99a\#ab1ss256ass278a_firmwaress058jss353a_firmwaress353bss027g_firmwaress049k_firmwaress150a_firmwaress339gss265ass281b_firmwaress254dss075f_firmwaress256g_firmwaress041c_firmwaress383l_firmwaress107f_firmwaress105d_firmware4zb89a_firmwaress262ass331a_firmware3b0c0a\#301ss388k_firmwaress204bss058j_firmwaress107ast690bss153l_firmwarest694b_firmwaress383kss389s_firmware7gf47a\#ab1_firmwaress106zss271g_firmwaress378hss330c_firmwaress058fss276c_firmwaress359g_firmwaress258a_firmware8pa13a\#302_firmwarest686ass150h_firmwaress383bss267bss218ess106c_firmwaress218fss152bss377lss383qss076f_firmwaress397ass107g_firmwaress043kss033kss276b_firmwaress049e_firmwaress339g_firmwaress279a_firmwaress342fst686gss272f7fr03a\#ab1ss377nss396e_firmwarest683b_firmwaress033k_firmware7gf52a\#ab1_firmwaress359mss281a_firmwaress104a_firmwaress271dss395nss076mss391css275b_firmwaress342bss379a_firmwaress218a_firmwaress344a7fr04a\#ab1_firmwaress333a_firmwaress281css076t_firmwaress150n_firmwaress151bss330bss344b3b0c8a\#ab1_firmwaress352lss106f_firmware7zb25asv899c_firmwaress059bss059fss234a_firmwaress391ass348b_firmwaress348c_firmware6hu11a_firmwaress377j_firmwaress356ass027a_firmware7gf53a\#ab14zb79a_firmwaress256css395jss352f_firmwaress232a_firmware4zb90ass210n_firmware2zn49ass256jss049ess404pss049css383e_firmwarest688gss396bw7u01a_firmwaress368g_firmwaress257h_firmwaress272qss106nss230css027j_firmwaress329a_firmwaress044mss271k_firmwaress256q7gf50a\#ab1_firmwaress237bss342gss216g_firmwaress205d_firmwaress049lss254fss213e_firmwaress033mss397j_firmwaress349fss396h_firmwaress049a7zb21a_firmwaress205m_firmwaress107fss359c7fq97a\#ab1ss397h4zb95a_firmwaress359l_firmwaress335g_firmwaress044ass210d_firmwaress395bss044m_firmwaress377k_firmwaress106bss391bss339b_firmwaress322bss387ass271h_firmwaress386ass213hss076g_firmware8af49a_firmwaress404ast693a_firmwaress049jss352bst688hss042c_firmwaress043f_firmwaress336bss196h_firmwarest694d_firmwaress271e_firmwaress075k_firmwaress219b_firmwaress257ess205c_firmwaress272s_firmware7fq90a\#ab1ss261a_firmwaress108l_firmwaress352h4zb91ass075hss367ass271fss268bss263ass210f_firmwaress219fss398a_firmware8pa12a\#302ss380bss352b_firmwaress105jss286a_firmwaress389kss383gst695dss396ess027e3a9x8a\#ab1ss076m_firmwaress353b_firmwaress213c_firmwaress256mss042jss395sss365f_firmwaress210n7fq98a\#ab1_firmwaress349ess383hss381ass326d_firmwaress198ass267a_firmware7fr03a\#ab1_firmwaress218c_firmwaress272u_firmwaresw176ass230t_firmwaress049fss386e_firmwaress216l_firmwaress230j_firmwaress391e_firmwaress151a_firmware3b0c7a\#301_firmwaress389u7fq96a\#ab1_firmwaress257mss058dss393c_firmwarest686hss076vss256k_firmwarest679hss107dss390ass352a_firmwaress230nst686e_firmware8af52ass230z_firmwaress205fss388a_firmwaress041b_firmwaress211e_firmwaress150fss389n_firmwaress257p_firmwaress205qss404m_firmwaress383t_firmwaress359jss106p_firmwaress153ass343kss366ass342c_firmwaress218f_firmwaress396fss397p_firmwaress043h714z9ass352kss389t7fq86a\#ab1ss076h_firmwaress271d_firmwaress326bss392a_firmwaress396b_firmwaress230mst684ass335ass359gss268ass339f_firmwaress257q_firmwaress398fss283a_firmwaress404lss391fss378c\#304_firmwaress386a_firmwaress105j_firmwaress395n_firmwaress389g_firmwarest688dss211m_firmwaress383j_firmwaress352e_firmwaress339bss390d_firmwaress378b_firmwaress254g_firmware7gf54a\#ab1ss396g_firmwaress211ess367a_firmware7fr05a\#ab1_firmwaress395p_firmwaress027css277a_firmwaress353css328ass043a_firmwaress397pss284b_firmwaress150m4zb86ass332ass102ass389m_firmwaress204ass033ass108hss059b_firmwaress254a_firmwaress196hss326ass106m_firmwaress258ass280a_firmwaress359c_firmwaress359bss369c4zb84a_firmwaress387bss049d_firmwaress230n_firmwaress213d8af49a4zb90a_firmwaress336b_firmwaress353jss263bss272css379bst679f_firmwaress257d_firmware714z6a_firmwaress041g_firmwaress256c_firmwaress027dss396dst679fss367d_firmware4zb82ass042f_firmwaress219bss107bsw116b_firmware7gf52a\#ab1ss204m7zb72ass388ess044l_firmware7gf49a\#ab1ss216s_firmware3a9x2a\#301_firmwaresw176c_firmwaress365e_firmwaress330b_firmwaress150kss368fss340bss326c_firmwarest683c_firmwaress395ess229ass383jss106qss386f_firmwaress352a3a9x7a\#ab1_firmwaress059f_firmwaress377d_firmwarest688d_firmwaress342dss044kss150jss216n_firmwaress404fss386dss383mss233a_firmwarest688ass397g_firmwaress389p_firmwaress049kss076n_firmwaress395tss216bss153ess196b_firmwaress271b_firmwaress397mss076c_firmwaress384d_firmwaress150l_firmwaress340d_firmwaress334ass334b_firmwaress150nss076wss389j_firmwaress195bss330a_firmwaress365ess257n_firmwaress107lss334fss213f_firmwaress033c4zb83a_firmwaress059a7zb21a4zb94a_firmwaress058bsv901bss059jss263a_firmwarest695bss230lss349dss359nss044n_firmwaress106kss235ass323a_firmwaress107nss106a_firmwaress343dss271l_firmwaress216css153c_firmwaress041e_firmwaress369b_firmwarest679gss397jss383d_firmwaress288a_firmwaress391f_firmwaress380css106dss327bss049h_firmwaress106h_firmwaress322a7fq91a\#ab1_firmwaress272kss027e_firmwaress105f_firmware4zb94ass397d_firmwaress075h_firmwarest679dss216z7fq95a\#ab1ss237b_firmwaress389ass150d_firmwaress337a_firmwaress352f4zb81a_firmwaress398d_firmwaress271css230a4zb82a_firmwaress154bst690a_firmware7zb19a_firmwaress383v_firmwaress151b_firmwaress033d_firmwaress404f_firmwaress271a_firmwaress257k_firmwaress204psw192ast688f_firmwaress367e_firmwaress340a_firmwaress354a_firmwaress389t_firmwaress211ass384est673b_firmwaress152ass339d_firmwaress043ass204e_firmwaress383c7fr01a\#ab1ss219dss388h_firmwaress106q_firmwaress272lss377dss383pss377l_firmwaress033c_firmwaress343gss268b_firmwaress213ass229d_firmwaress392b_firmwaress365m_firmwarest695a_firmwaress196c4zb81ass211pst685ass322b_firmwaress273ass368e_firmwaress271hst693c_firmware4zb93a_firmwaress213css044f_firmwaress219d_firmwaress397l_firmwaress383ew7u02ass282a_firmwaress216fss075f6hu10a_firmwaress042e_firmwaress049l_firmwaress205g_firmwaress397fss256sss210gss397f_firmware8pa14a\#302_firmwaress027c_firmware4zb91a_firmwaress368f_firmwaress352pss216mss343jss390h_firmwaress404d_firmwaress284ass335b_firmwaress230bss059j_firmwaress271gss230h7gf51a\#ab1_firmware3b0c7a\#301ss150sss205sss365a_firmwaress353kss326b_firmwaress256b_firmwaress230fss377a_firmwaress059gss216pss199a_firmwarest673c_firmware2zn50ass213bss271f_firmwarest682bss153e_firmwaress044nss076gss367f_firmwaress027b_firmware7fr02a\#ab1ss377css204k_firmwaress205q_firmwaress353gss204nss257css383c_firmwaress359pss386c_firmwaress105ass076zss389vss256fst690b_firmwaress260ass271n_firmwaress343ass205bss033e_firmwaress393b_firmwaress272k_firmwaress378css404nss396a_firmwaresw112b_firmwaress368b_firmwaress383k_firmwarest673css389qss349e_firmware7gf49a\#ab1_firmwaress216u715a0ast688b_firmwaress377c_firmwaress349bss367b_firmwaress075e_firmwaress342f_firmwaress352dss328bss388bss213b_firmwaress334cst687a_firmwaress076z_firmwaress377b_firmwaress150ess331b_firmwaress353k_firmwaress210lss075gss390css395gss339ass395css272ess271sss042j_firmwaress385a_firmwaress256dss043bss389fss041h_firmwaress211p_firmwaress386ess033n3b0d3a\#301_firmwaress196c_firmwaress398g_firmwaress367bss255bss287ass049a_firmwaress263b_firmwaress388g_firmwarest673bss324ass271j_firmwaress044a_firmwaress367c_firmwaress044h_firmwaress153jss404mss272ass211g_firmwaress383fss230tss397k_firmwaress149ass389l_firmwaress229jss378h_firmware5ue14a_firmwarest685a_firmwarest686a_firmwarest694c_firmware7zb20ass349a_firmwaress205jss108fss359p_firmwaress108c_firmwaress353ess256q_firmwaress352jss106pss205mss107l_firmwarest683ess204j_firmwaress286ass396f_firmwaress384e_firmwaress271t_firmwaress359a3a9x7a\#ab1ss365ass393css257f_firmwaress042e715a5ass256h3a9x4a\#ab1_firmwaress389jss257l7gf48a\#ab1ss254ass260a_firmwaress027hst688ess365d7ab26ass217a_firmwaress272t_firmwaress153lss352c4zb87ass058c_firmwaress043fss339cst690dst686bss383sss256s_firmwaress204b_firmwaress272dss256pss395j_firmwaress219c_firmwaress359m_firmwaress105c_firmwaress398gss231ass107d_firmwaress377m_firmwaress033dss205a_firmware7fq87a\#ab1_firmwaress282c_firmwaress033m_firmwaress282ass281c_firmwarest673d_firmwaress108kss377ess107a_firmwaress395f_firmwaress043jss367dst682c_firmwaress229bss153fss105a_firmwaress395f7fq93a\#ab1_firmwaress335hss216z_firmwaress108lss338a_firmwaress271s_firmwaress107gss334e_firmwaress398bss378k4zb88ass204p_firmwaress205u_firmwaress272ust694bss381a_firmwaress049gss277b_firmwaress256t_firmwaress107hss153h_firmwaress350a_firmwaress272tss388ass391d_firmwaress388d_firmwaress043g_firmwaress390e_firmwaress397gss229g_firmwaress049b_firmware7fq96a\#ab1ss204hst679bst684b_firmwaress196gss076p_firmwaress213fss404c_firmwaress204gss210k4zb84ast679c_firmwaress368j_firmwaress393ass397nss196ass044g_firmware715a4ass150pss348bss041bss388h6hu09ass211n_firmwaress397n_firmwaress392c_firmwaress153g_firmware7fr05a\#ab1ss215ass276css044lss322a_firmwaress389f_firmwaress154b_firmwaress218g_firmwaress389nst679css331bss041gss106z_firmware1vr14ass352p_firmwaress383w_firmwaress389c_firmwarest690ass377f_firmwaress205e8af52a_firmware2ky38a_firmwarest683ass196e4zb80a_firmwarest684bss216t_firmwaress211f715a2ass378ess384css383dss043l7zb19ass033n_firmwaress044g7fq95a\#ab1_firmwaress196d_firmwaress397e_firmwaress396gss365kst686c_firmwaress230k3b0c1a\#304_firmwaress216tss322c_firmwaress272h_firmwaress027bss153d714z7ass380c_firmwaress152c_firmware4zb80ass272pss108g_firmware714z8ass272sss255css395t_firmwaress348ass108bsw112bss272z_firmwaress106l_firmwaress389sss404bss272j_firmwaress368jss389ess257gss367ess272g_firmwaress153a_firmwaress274b_firmwaress343hss404n_firmwaress256zss395a4zb86a_firmwaress343ess378j_firmwaress396ass398ass344a_firmwaress390gss352c_firmwaress359a_firmwaress103ass257pss041css204css378jss342e_firmwaress229b_firmware714z6ass388dss335css267ass340b_firmwaress284bss343bst694css256bsw176css204fss150e_firmwaress205z_firmwaress042gss205n_firmwaress351a_firmwaress204g_firmwaress343d_firmwaress152dss343h_firmwaress033f_firmwaress349d_firmwaress390a_firmwaress349b_firmwaress216dss230dss378g_firmwaress218k_firmware209u7a_firmwaress377n_firmwaress076a_firmwaress210l_firmwaress229dss377p_firmwaress404p_firmwaress377hss352d_firmwaress106t_firmwaress397qss230jss150hss230qss327b_firmwaress108e_firmwaress231a_firmwaress216ew7u01ass043k_firmwaress342b_firmwaress272m5ue15a_firmwaress322css328b_firmwarest683e_firmwaress377mss257hss254b_firmwaress196e_firmwaress389css153k_firmwaress150m_firmwaress216e_firmwaress388c_firmwaress205g2ky38ass210a_firmwaress150s_firmwaress389bss107e_firmwaress377ass365hss359j_firmware714z7a_firmwaress342ass259a_firmwaress153j_firmware7fq89a\#ab1ss335c_firmwaress205ass266a_firmwaress378c_firmwarest683a_firmware4zb92a_firmwarest695d_firmwaress397c_firmwaress275ass397ess049j_firmwaress395k_firmware3b0c9a\#304ss204a_firmwaress368gss041j_firmwaress044hss049g_firmwaress367fss397h_firmware5ue14ass212ass049hss107ess218kss392bss378k_firmwaress334b7fr01a\#ab1_firmwaress257z_firmwaress337ass230e_firmware4zb97ass076nss210ess394ass271ess205d7fr02a\#ab1_firmware9vv52ass282bss216vss274bss404j_firmware5ue15ass327d_firmwaress390b_firmwaress033gss205tss343f_firmwaress150g_firmwaress106ass075ess384c_firmwaress277bss210fss044dst683css211dsw176b_firmwaress216ass366a_firmwarest686f_firmwaress267b_firmwaress343k_firmwaress210bss395q_firmwaress041ass042h_firmwaress335h_firmwaress107m_firmwaress108ess058e_firmwarest679g_firmwaress378f_firmwaress108dss256ess210b_firmware7gf47a\#ab1715a4a_firmwaress264ass257f3b0c3a\#ab1ss359k_firmwarest693ass049mss210h_firmwaress033est686dss271qss059dss368bss213d_firmwaress343j_firmwaress230sss285ass205b_firmwaress042hss216c_firmwaress218d_firmwaress383b_firmwaress355a_firmwarest686g_firmwaress058d_firmwarest693css357ass257ass059css107kst679ess359qss205e_firmwarest688fss383ass397m_firmwaress331ass390f_firmwaress352s_firmwaress076x_firmwaress387b_firmwaress106s_firmwaress218dss211css075a7gf55a\#ab1ss352j_firmwaress230l_firmwaress378bss386b_firmwaress219ess271mss382ass383lss043c8pa10a\#301_firmwaress365h_firmwaress273a_firmwaress369c_firmwaress390g_firmwaress287bss033b_firmwaress389d_firmwarest688j_firmwaress153hss215a_firmwaress107q_firmwaress075c_firmwaress389k_firmwaress211a_firmwaress205pss378ass359d_firmwaress326a_firmwaress256gss216h_firmwaress257b_firmwaress275css107c7zb25a_firmwaress105bst686ess390c_firmwaress272p_firmwaress397dss076f4zb97a_firmwaress033hss352nss352qss105fss105css196b8pa11a\#301ss041dss368dst679e_firmwaress205j_firmwaress254gss384b6hu12ass107jss210hss043h_firmwaress391a_firmwaress043ess389a_firmwaress204l_firmwaress237ass395b_firmwaress383m_firmwaress044c_firmwareHP and Samsung Printer software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-57964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.01% / 2.16%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 06:33
Updated-18 Feb, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program

Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects HVAC Energy Saving Program:.

Action-Not Available
Vendor-Hitachi, Ltd.
Product-HVAC Energy Saving Program
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-44744
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-2.2||LOW
EPSS-0.04% / 11.29%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 19:00
Updated-30 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protect_home_officeAcronis Cyber Protect Home Office
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-49391
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.47%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 09:48
Updated-18 Oct, 2024 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_filesAcronis Cyber Filescyber_files
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-47942
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.03% / 7.27%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-13 Nov, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2024Solid Edge SE2024solid_edge_se2024
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-47195
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 5.20%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-16 Oct, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory.

Action-Not Available
Vendor-Siemens AG
Product-questamodelsimModelSimQuestaquestamodelsim
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-45246
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.75%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:49
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element

Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element

Action-Not Available
Vendor-Diebold Nixdorfdieboldnixdorf
Product-Vynamic View prior to v5.9.5vynamic_view
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-38136
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 18:58
Updated-27 Jan, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_dpc\+\+\/c\+\+_compilerIntel(R) oneAPI DPC++/C++ Compiler for Windows and Intel® Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-37340
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.83%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT drivers for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-37329
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-fpga_software_development_kitquartus_primeIntel(R) Quartus(R) Prime Pro and Standard Edition software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-36380
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-04 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_kit_nuc5ppyhnuc_kit_nuc6caysnuc_kit_wireless_adapter_driver_installernuc_kit_nuc5pgyhnuc_kit_nuc6cayhnuc_board_nuc8cchbnuc_8_rugged_kit_nuc8cchkrIntel(r) NUC Kit Wireless Adapter drivers for Windows 10
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-28172
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-06 Sep, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-trace_analyzer_and_collectoroneapi_hpc_toolkitIntel(R) Trace Analyzer and Collector softwaretrace_analyzer_and_collector
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-32223
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.3||HIGH
EPSS-10.41% / 92.93%
||
7 Day CHG-1.79%
Published-14 Jul, 2022 | 14:51
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Microsoft Corporation
Product-windowsnode.jsNode
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-31611
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 14.78%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 02:22
Updated-25 Mar, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_experienceGeForce Experience
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-6132
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-0.04% / 10.55%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 17:40
Updated-04 Mar, 2025 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVEVA Edge products Uncontrolled Search Path Element

The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.

Action-Not Available
Vendor-AVEVA
Product-platform_common_servicesenterprise_data_managementmanufacturing_execution_systemsystem_platformwork_tasksbatch_managementmobile_operatorAVEVA Edgeaveva_edge
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-31467
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.9||HIGH
EPSS-0.07% / 20.65%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 18:19
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking Vulnerability in Quick Heal Total Security

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load.

Action-Not Available
Vendor-quickhealn/a
Product-total_securityn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28714
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.3||HIGH
EPSS-0.57% / 67.53%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:40
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerbig-ip_access_policy_manager_clientBIG-IP APMBIG-IP APM Clients
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28766
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-3.3||LOW
EPSS-0.23% / 46.08%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 22:36
Updated-29 Apr, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL injection in Zoom Windows Clients

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsmeetingsZoom Rooms for Conference Room for Windows (32-bit)Zoom Client for Meetings for Windows (32-bit)Zoom VDI Windows Meeting Client for Windows (32-bit)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28339
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.43%
||
7 Day CHG~0.00%
Published-22 Feb, 2025 | 20:51
Updated-29 Jul, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowshousecall_for_home_networksTrend Micro HouseCall for Home Networks
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28247
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.7||MEDIUM
EPSS-0.31% / 53.57%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:42
Updated-16 Sep, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Uninstaller Hard Link Leads To Remote Code Execution

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26421
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_dpc\+\+\/c\+\+_compiler_runtimeIntel(R) oneAPI DPC++/C++ Compiler Runtime
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26425
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_collective_communications_libraryIntel(R) oneAPI Collective Communications Library (oneCCL) for Intel(R) oneAPI Base Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26512
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-fpga_add-onIntel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26345
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.42%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-openmpIntel(R) oneAPI Toolkit OpenMP
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26032
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-distribution_for_pythonIntel(R) Distribution for Python programming language for Intel(R) oneAPI Toolkits
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26086
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.42%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-gametechdev_presentmonPresentMon software maintained by Intel(R)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26028
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-29 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-vtune_profilerIntel(R) VTune(TM) Profiler software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26076
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_deep_neural_networkIntel(R) oneAPI Deep Neural Network (oneDNN)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-25154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.14% / 34.33%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 05:58
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.)

Action-Not Available
Vendor-n/aSamsung
Product-t5t5_firmwaren/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-25905
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_data_analytics_libraryIntel(R) oneAPI Data Analytics Library (oneDAL) for Intel(R) oneAPI Base Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26052
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-mpi_libraryIntel(R) MPI Library for Intel(R) oneAPI HPC Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26062
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-trace_analyzer_and_collectorIntel(R) Trace Analyzer and Collector for Intel(R) oneAPI HPC Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-23449
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.

Action-Not Available
Vendor-Siemens AG
Product-simatic_energy_manager_prosimatic_energy_manager_basicSIMATIC Energy Manager BasicSIMATIC Energy Manager PRO
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-2313
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-8.2||HIGH
EPSS-0.04% / 9.74%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 09:25
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL high jacking in Trellix Agent

A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed.

Action-Not Available
Vendor-Musarubra US LLC (Trellix)McAfee, LLC
Product-agentTrellix Agent (TA)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-22139
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.35%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:35
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-extreme_tuning_utilityIntel(R) XTU software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-23489
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-12 Sep, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-virtual_raid_on_cpuIntel(R) VROC softwarevroc_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-23491
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-31 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_base_toolkitdistribution_for_gdbIntel(R) Distribution for GDB softwareoneapi_base_toolkitdistribution_for_gdb_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-21162
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 27.42%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_hdmi_firmware_update_toolIntel(R) HDMI Firmware Update tool for NUC
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-47113
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.09% / 26.60%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:57
Updated-06 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Search Order Hijacking vulnerability in BleachBit for Windows

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.

Action-Not Available
Vendor-bleachbitbleachbitbleachbitMicrosoft Corporation
Product-windowsbleachbitbleachbitbleachbit
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found