Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-32498

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-20 Jul, 2022 | 20:55
Updated At-17 Sep, 2024 | 01:41
Rejected At-
Credits

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:20 Jul, 2022 | 20:55
Updated At:17 Sep, 2024 | 01:41
Rejected At:
▼CVE Numbering Authority (CNA)

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerStore
Versions
Affected
  • From unspecified before v3.0.0.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427: Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427: Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/000201283
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/000201283
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/000201283
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/000201283
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:21 Jul, 2022 | 04:15
Updated At:30 Jul, 2022 | 01:24

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
CPE Matches
Dell Inc.
dell
>>powerstore_command_line_interface>>Versions before 3.0.0.0-1732745(exclusive)
cpe:2.3:a:dell:powerstore_command_line_interface:*:*:*:*:*:linux:*:*
Weaknesses
CWE IDTypeSource
CWE-427Primarynvd@nist.gov
CWE-427Secondarysecurity_alert@emc.com
CWE ID: CWE-427
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-427
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/000201283security_alert@emc.com
Patch
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/000201283
Source: security_alert@emc.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

302Records found
CVE-2024-47476
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.51%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 09:59
Updated-03 Feb, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-networker_management_consoleNetWorker Management Consolenetworker_management_console
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-32449
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.01% / 0.31%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 06:50
Updated-04 Dec, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_1000tpowerstore_500tpowerstore_7000tpowerstore_1200tpowerstore_5200tpowerstore_3200tpowerstore_3000tpowerstore_5000tpowerstore_9200tpowerstore_9000tpowerstoret_osPowerStorepowerstoreos
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-21103
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.62%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 13:53
Updated-06 Dec, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability and run arbitrary code on the server.

Action-Not Available
Vendor-Dell Inc.
Product-networkerNetWorker Management Console
CWE ID-CWE-97
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CVE-2021-36297
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.50%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-16 Sep, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_home_pcsSupportAssist Client Consumer
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-28964
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.71%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 15:02
Updated-16 Aug, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file.

Action-Not Available
Vendor-Dell Inc.
Product-common_event_enablerCommon Event Enablercommon_event_enabler
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-34396
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.06% / 17.48%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 05:24
Updated-26 Mar, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorOpenManage Server Administrator (OMSA)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-29092
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.99%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 20:05
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist Consumer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-24426
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.88%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2018-11072
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.73%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 13:00
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-22450
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.45%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 07:08
Updated-31 Jan, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_centerAlienware Command Center (AWCC)alienware_command_center
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-5357
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 19:20
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Action-Not Available
Vendor-Dell Inc.
Product-thunderbolt_dock_tb16dock_wd19_firmwarethunderbolt_dock_tb16_firmwareprecision_dual_usb-c_thunderbolt_dock_-_tb18dcdock_wd15dock_wd19precision_dual_usb-c_thunderbolt_dock_-_tb18dc_firmwaredock_wd15_firmwareCPG BIOS
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-5316
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.12%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:00
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-5324
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.22%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 14:50
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareprecision_3541inspiron_5583precision_7730_firmwareprecision_3541_firmwarelatitude_5401_firmwareprecision_7730inspiron_7380inspiron_5491_firmwarelatitude_5424_rugged_firmwarexps_15_9575_firmwareinspiron_14_5490inspiron_5590_firmwarevostro_3490_firmwareg7_17_7790_firmwareg7_17_7790latitude_7300_firmwareinspiron_5493inspiron_7490latitude_5400_firmwareprecision_7540wyse_5470inspiron_5390_firmwareg7_15_7590inspiron_3593_firmwareinspiron_5591inspiron_7391latitude_5490latitude_5590inspiron_5481inspiron_5494_firmwareinspiron_7390_firmwareinspiron_7580_firmwareinspiron_7786_firmwareinspiron_3583vostro_5581_firmwarevostro_3481latitude_5300inspiron_7786vostro_7590precision_5530_firmwareinspiron_5591_firmwareinspiron_3590_firmwareinspiron_3781g5_5587_firmwarelatitude_5501_firmwarevostro_15_7580_firmwarelatitude_7424_rugged_extreme_firmwarevostro_15_7580g7_7588_firmwareinspiron_7590_firmwareinspiron_7791_firmwarelatitude_7300precision_7740_firmwareg3_3579_firmwarevostro_3590_firmwareinspiron_5498inspiron_3780inspiron_7380_firmwarelatitude_3590_firmwarelatitude_7490_firmwareinspiron_7591_firmwarelatitude_7390_firmwarelatitude_5290latitude_5500_firmwareinspiron_3481inspiron_3780_firmwareinspiron_7490_firmwareg7_7588latitude_3400_firmwareprecision_3530latitude_5590_firmwarelatitude_5591inspiron_5590latitude_7400vostro_5481_firmwarevostro_5490inspiron_3593inspiron_5584xps_15_9570precision_7740g3_15_3590_firmwareinspiron_3481_firmwarelatitude_3390precision_5530g5_5090inspiron_5582inspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_3790_firmwareinspiron_3584_firmwareinspiron_5493_firmwareinspiron_7586inspiron_3480inspiron_3583_firmwareinspiron_7586_firmwarelatitude_3400inspiron_3480_firmwarelatitude_3490inspiron_3793_firmwareinspiron_7390vostro_3580_firmwareinspiron_3581_firmwarelatitude_3300_firmwarevostro_3590vostro_5390xps_15_9570_firmwarelatitude_3490_firmwarevostro_5590_firmwarevostro_3581_firmwarevostro_5581inspiron_3490latitude_7200_firmwareprecision_7530_firmwarevostro_3581xps_15_9575inspiron_3790vostro_3583_firmwarelatitude_5420_rugged_firmwarevostro_5391inspiron_5494latitude_7220_rugged_extreme_tablet_firmwarelatitude_3301g3_3779_firmwarelatitude_5300_firmwareinspiron_5594latitude_5420_ruggedprecision_3540_firmwareinspiron_5580latitude_7220_rugged_extreme_tabletinspiron_5582_firmwarelatitude_5500latitude_3500_firmwarevostro_3490g5_15_5590g5_15_5590_firmwareinspiron_5391wyse_5070_thin_clientinspiron_5598xps_13_9380inspiron_5480latitude_7220ex_rugged_extreme_tabletlatitude_7220ex_rugged_extreme_tablet_firmwareg7_15_7590_firmwareinspiron_5580_firmwarelatitude_5490_firmwarelatitude_5591_firmwarelatitude_3500inspiron_7791inspiron_3793latitude_5501latitude_7400_firmwareprecision_3540latitude_3590inspiron_3580_firmwareinspiron_3781_firmwareinspiron_5481_firmwarelatitude_3311_firmwareinspiron_7591xps_15_7590latitude_3300inspiron_5584_firmwareprecision_5540_firmwarevostro_5590vostro_3583vostro_3584_firmwarelatitude_5491_firmwareinspiron_5482vostro_3480latitude_7290inspiron_3493inspiron_5594_firmwareinspiron_14_5490_firmwareprecision_7540_firmwareinspiron_7391_firmwareinspiron_5593_firmwarewyse_5470_firmwareinspiron_5593inspiron_5491latitude_5290_firmwarelatitude_7424_rugged_extremeg5_5587inspiron_7580inspiron_5598_firmwareinspiron_3584inspiron_5482_firmwarevostro_5390_firmwareg5_5090_firmwarevostro_5481inspiron_3493_firmwarelatitude_7390precision_3530_firmwarelatitude_3311latitude_7290_firmwareprecision_7530inspiron_5583_firmwareg3_15_3590latitude_3390_firmwarelatitude_7200inspiron_5480_firmwareinspiron_3590inspiron_5391_firmwarevostro_3480_firmwareinspiron_7590vostro_3580vostro_7590_firmwarexps_15_7590_firmwarevostro_3584inspiron_3490_firmwarexps_13_9380_firmwarewyse_5070_thin_client_firmwarelatitude_3301_firmwarelatitude_7490inspiron_5390vostro_3481_firmwareinspiron_3580latitude_5491g3_3579g3_3779inspiron_7386_firmwareinspiron_3581inspiron_7386latitude_5424_ruggedlatitude_5400Dell Client Consumer and Commercial Platforms
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-33921
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.06% / 19.54%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-15 May, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.

Action-Not Available
Vendor-Dell Inc.
Product-geodriveGeoDrive
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-39254
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.43%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 12:43
Updated-31 Jan, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.

Action-Not Available
Vendor-Dell Inc.
Product-update_package_frameworkDUP Frameworkupdate_package_framework
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-24502
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.01% / 0.54%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 20:43
Updated-05 Mar, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_intel_vpro_out_of_bandDell Command | Intel vPro Out of Band
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-28080
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 18.01%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:24
Updated-10 Jan, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-3749
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.6||MEDIUM
EPSS-0.05% / 15.06%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 20:20
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.

Action-Not Available
Vendor-Dell Inc.
Product-command_updateDell Command Update (DCU)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-3726
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 33.60%
||
7 Day CHG~0.00%
Published-24 Sep, 2019 | 15:31
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers.

Action-Not Available
Vendor-Dell Inc.
Product-update_package_frameworkemc_serversclient_platformsDell Client Platforms: Dell Update Packages (DUP) Framework fileDell EMC Servers: Networking and Fibre Channel Drivers: Dell Update Package (DUP) Framework fileDell EMC Servers: all other Drivers, BIOS and Firmware: Dell Update Package (DUP) Framework file
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-3750
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.6||MEDIUM
EPSS-0.05% / 15.06%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 20:20
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.

Action-Not Available
Vendor-Dell Inc.
Product-command_updateDell Command Update (DCU)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-18575
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.20%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 20:40
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-37127
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:25
Updated-27 Aug, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Managerperipheral_manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37130
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.33%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 01:34
Updated-09 Jan, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell OpenManage Server Administratoropenmanage_server_administrator
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-12280
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.72% / 72.50%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 20:55
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.

Action-Not Available
Vendor-pc-doctorn/aDell Inc.
Product-toolboxsupportassist_for_business_pcssupportassist_for_home_pcsn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-21420
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.65%
||
7 Day CHG~0.00%
Published-23 Feb, 2026 | 14:01
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-repository_managerRepository Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-22270
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.70%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 12:22
Updated-05 Mar, 2026 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an uncontrolled search path element vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS,
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37142
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:19
Updated-08 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Managerperipheral_manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-32857
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:37
Updated-08 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Managerperipheral_manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21545
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.99%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 19:50
Updated-16 Sep, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21518
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.99%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 20:10
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcssupportassist_client_promanageDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-3745
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.75%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 18:21
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption EnterpriseDell Endpoint Security Suite Enterprise
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-36271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.60% / 81.86%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 13:46
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll Hijacking. iertutil.dll is missing so an attacker can use a malicious dll with same name and can get admin privileges.

Action-Not Available
Vendor-outbyten/a
Product-pc_repairn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-1536
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.07% / 20.14%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 16:45
Updated-07 Nov, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_meetings_onlinewebex_teamswebex_meetings_serverwebex_meetings_desktopwebex_network_recording_playerCisco Webex Teams
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-32168
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.80%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 09:00
Updated-21 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
notepad-plus-plus - DLL Hijacking

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.

Action-Not Available
Vendor-notepad-plus-plusnotepad-plus-plus
Product-notepad\+\+notepad-plus-plus
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-7193
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.08% / 22.68%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 09:31
Updated-20 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mp3tag DLL tak_deco_lib.dll uncontrolled search path

A vulnerability has been found in Mp3tag up to 3.26d and classified as problematic. This vulnerability affects unknown code in the library tak_deco_lib.dll of the component DLL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.26e is able to address this issue. It is recommended to upgrade the affected component. VDB-272614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.

Action-Not Available
Vendor-mp3tagn/a
Product-mp3tagMp3tag
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-30696
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.81%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 17:20
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to a DLL hijacking vulnerability

Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-snap_deployAcronis Snap Deploy
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-7834
Matching Score-4
Assigner-cirosec GmbH
ShareView Details
Matching Score-4
Assigner-cirosec GmbH
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.43%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 12:35
Updated-05 Sep, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation in Overwolf

A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.

Action-Not Available
Vendor-overwolfOverwolfoverwolf
Product-overwolfOverwolfoverwolf
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-29580
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-8.9||HIGH
EPSS-0.17% / 37.17%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 14:31
Updated-18 Apr, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in Android Google Search App

There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41

Action-Not Available
Vendor-Google LLC
Product-google_searchAndroid Google Search App
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-27843
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 18.02%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-kiesKies
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28687
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-1.04% / 77.59%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16257.

Action-Not Available
Vendor-AVEVA
Product-aveva_edgeEdge
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28339
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.36%
||
7 Day CHG~0.00%
Published-22 Feb, 2025 | 20:51
Updated-29 Jul, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowshousecall_for_home_networksTrend Micro HouseCall for Home Networks
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-27842
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 18.02%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smart_switch_pcSmart Switch PC
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28792
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.59%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:43
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-gear_iconx_pc_managerGear IconX PC Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28714
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.3||HIGH
EPSS-0.36% / 58.44%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:40
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerbig-ip_access_policy_manager_clientBIG-IP APMBIG-IP APM Clients
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28686
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-1.04% / 77.59%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17114.

Action-Not Available
Vendor-AVEVA
Product-aveva_edgeEdge
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28128
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.32%
||
7 Day CHG~0.00%
Published-31 Mar, 2022 | 07:21
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-hibaraHiBARA SoftwareMicrosoft Corporation
Product-windowsattachecaseAttacheCase
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28688
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-1.04% / 77.59%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17201.

Action-Not Available
Vendor-AVEVA
Product-aveva_edgeEdge
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28394
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 24.80%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 23:25
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x).

Action-Not Available
Vendor-Trend Micro Incorporated
Product-password_managerTrend Micro Password Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26337
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.60%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 21:55
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-password_managerTrend Micro Password Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-5509
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-5.01% / 89.79%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 17:51
Updated-09 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability

Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BIP files. The issue results from loading a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22738.

Action-Not Available
Vendor-luxionLuxionluxion
Product-keyshot_viewerkeyshotkeyshot_network_renderingKeyShotkeyshot
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found