Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-23577

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-11 Aug, 2023 | 02:37
Updated At-10 Oct, 2024 | 15:35
Rejected At-
Credits

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:11 Aug, 2023 | 02:37
Updated At:10 Oct, 2024 | 15:35
Rejected At:
▼CVE Numbering Authority (CNA)

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected Products
Vendor
n/a
Product
ITE Tech consumer infrared drivers for Intel(R) NUC
Default Status
unaffected
Versions
Affected
  • before version 5.5.2.1
Problem Types
TypeCWE IDDescription
N/AN/Aescalation of privilege
CWECWE-427Uncontrolled search path element
Type: N/A
CWE ID: N/A
Description: escalation of privilege
Type: CWE
CWE ID: CWE-427
Description: Uncontrolled search path element
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html
N/A
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html
x_transferred
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Intel Corporationite_tech_consumer_infared_drivers_for_intel_nuc
Product
ite_tech_consumer_infared_drivers_for_intel_nuc
CPEs
  • cpe:2.3:a:ite_tech_consumer_infared_drivers_for_intel_nuc:ite_tech_consumer_infared_drivers_for_intel_nuc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 5.5.2.1 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:11 Aug, 2023 | 03:15
Updated At:07 Nov, 2023 | 04:07

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Intel Corporation
intel
>>ite_tech_consumer_infrared_driver>>Versions before 5.5.2.1(exclusive)
cpe:2.3:a:intel:ite_tech_consumer_infrared_driver:*:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_11_enthusiast_kit_nuc11phki7c>>-
cpe:2.3:h:intel:nuc_11_enthusiast_kit_nuc11phki7c:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_11_enthusiast_mini_pc_nuc11phki7caa>>-
cpe:2.3:h:intel:nuc_11_enthusiast_mini_pc_nuc11phki7caa:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-427Primarynvd@nist.gov
CWE-427Secondarysecure@intel.com
CWE ID: CWE-427
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-427
Type: Secondary
Source: secure@intel.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.htmlsecure@intel.com
Patch
Vendor Advisory
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html
Source: secure@intel.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

379Records found
CVE-2019-3745
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.60%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 18:21
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption EnterpriseDell Endpoint Security Suite Enterprise
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-3613
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 8.79%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 11:12
Updated-16 Sep, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL search order hijacking in MA

DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent (MA)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-1855
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.3||HIGH
EPSS-0.70% / 71.00%
||
7 Day CHG~0.00%
Published-04 Jul, 2019 | 19:50
Updated-20 Nov, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Jabber for Windows DLL Preloading Vulnerability

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-jabberCisco Jabber for Windows
CWE ID-CWE-264
Not Available
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-32780
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.03% / 5.47%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 16:32
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BleachBit for Windows Has DLL Untrusted Path Vulnerability

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0.

Action-Not Available
Vendor-bleachbit
Product-bleachbit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-34606
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.3||HIGH
EPSS-0.06% / 17.77%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 14:25
Updated-16 Sep, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XINJE XD/E Series PLC Program Tool DLL Hijacking

A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account.

Action-Not Available
Vendor-xinjeXINJE
Product-xd\/e_series_plc_program_toolXD/E Series PLC Program Tool
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-30167
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.01% / 1.81%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 16:42
Updated-04 Jun, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).

Action-Not Available
Vendor-jupyter
Product-jupyter_core
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-29802
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.22%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-10 Jul, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.12
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-29803
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.22%
||
7 Day CHG~0.00%
Published-12 Apr, 2025 | 01:32
Updated-10 Jul, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_tools_for_applications_2019_sdksql_server_management_studiovisual_studio_tools_for_applications_2019visual_studio_tools_for_applications_2022visual_studio_tools_for_applications_2022_sdkSQL Server Management Studio 20.2VSTA 2019 SDKVisual Studio Tools for Applications (VSTA)VSTA 2022 SDK
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-44744
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-2.2||LOW
EPSS-0.04% / 11.23%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 19:00
Updated-30 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protect_home_officeAcronis Cyber Protect Home Office
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-27717
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-13 Aug, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access

Action-Not Available
Vendor-n/a
Product-Intel(R) Graphics Driver software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-26631
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.49%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-03 Jul, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-4894
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.3||HIGH
EPSS-0.12% / 32.01%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 20:13
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.

Action-Not Available
Vendor-SamsungHP Inc.
Product-7fq92a\#ab18af51a714z8a_firmwaress256h_firmwaress272q_firmwaress278ass395a_firmwaress388kst682a_firmwaress383f_firmwaress359ess150t8af50a_firmwaress211c_firmwaress213ess395c_firmwaress365g_firmware7fr04a\#ab1ss344b_firmwaress152a_firmwaress272c_firmwaress370a_firmware7gf50a\#ab1209u7ass196fss365j_firmwarest686css042d_firmwaress150p_firmwaress108j_firmwaress204ess103a_firmwarest690css272n_firmwaresv531ass404q3b0c3a\#ab1_firmwarest695b_firmware7gf55a\#ab1_firmwaress196g_firmwaress106j_firmwaress339fss204dss210j_firmwaress076sss076d_firmwaress342d_firmwaress229fss389z_firmwaress154a_firmwaress343e_firmwaress397q_firmwaress326est679h_firmwaress370ass256kst694ass357a_firmwaress150j_firmware6hu09a_firmwaress334ess352h_firmwaress365lss389z7gf53a\#ab1_firmwaress276bss341ass268a_firmwaress075bss150lss106lss327css272d_firmwarest688jss196f_firmwaress041jss075kss287a_firmwaress256tss383h_firmware3a9x2a\#301ss389mss396c_firmware715a6a715a3ass153f_firmwaress256n_firmwaress359hss105gss256p_firmwaress355a3a9x1a\#ab1ss210c_firmwaress378d_firmwaress271lss218h_firmwaress353ass229c_firmwaress335fss216v_firmwaress042fss153kss257l_firmwaress256m_firmwaress027lss272nss108k_firmwarest688g_firmwaress255c_firmwaress058b_firmwaress336a_firmwaress271ass042b_firmware7fq87a\#ab1ss076k3a9x3a\#ab1_firmware3b0c0a\#301_firmwaress107j_firmwaresw192a_firmwarest688e_firmware8pa11a\#301_firmwaress325ass350ass395mss058a_firmware4zb93ass076e_firmwaress150q_firmwaress205p_firmware7ab26a_firmwaress273b_firmwaress397lss369a_firmware7fq89a\#ab1_firmwaress349ass216hss150k_firmwaress383v4zb89ass058g_firmware3b0c9a\#304_firmwaress044jss204f_firmwaress280ass044k_firmwaress340c_firmwaress389gss369d_firmwaress275a_firmwaress334c_firmwaress384ass229ess389pss388fss395g_firmwaress383p_firmwaress335e_firmwarest687ass076l_firmwaress395pss058gss150bss398dss352mss352k_firmwaress385ass213gss272e_firmwaress348a_firmwaress216jss216q_firmwaress049dss033j3a9x3a\#ab1ss229gst682ast694dss236ass254css229f_firmwaress334d_firmwaress388lst688css368h_firmwaress216sss076w_firmwaress386fss359fss272f_firmwaress352ess257e_firmwaress105b_firmwaress218css353c_firmwaress392css365fss218j_firmwaress368css404jss398css229hss257c_firmwaress328a_firmwaress205l_firmwaress234ass382a_firmwaress210ass105dss365mss042bss033lss149a_firmwaress359h_firmwaress323ass195ass359kss198a_firmwaress384dss229j_firmwaress108ass229css218ass229h_firmwaress383q_firmware7fq92a\#ab1_firmwaress383a_firmwaress341a_firmwaress211k_firmwaress108f_firmwaress150t_firmwaress236a_firmwaress388f_firmwaress076d3b0c6a\#312_firmwaress150g7gf48a\#ab1_firmwaress195a_firmwaress237a_firmwaress075b_firmware715a1ass349c_firmwaress230q_firmware3b0c5a\#ab1ss368ess273bss254bss216k_firmware715a2a_firmwaress365d_firmwaress044bss257jst673a_firmwaress211j_firmwaress335a_firmwaress383uss389lss230f_firmwaress027k7gf54a\#ab1_firmwaress043gss076q2zn50a_firmwaress033l_firmwaress378fss212a_firmwaress211d_firmwaress389b_firmwaress210e_firmwaress104ass229e_firmwaress108h_firmwaress211jss108gss389h_firmwaress261ass393bss369bss326e_firmwaress343fss272bss353g_firmwaress076j3a9x4a\#ab1ss204jss218hss150css378dss076v_firmwaress383nss219e_firmwarest679b_firmwaress271p_firmwaress213a_firmware3b0c1a\#304ss272l_firmwaress211nss256a_firmwaress044b_firmwarest673dss395e_firmwarest682css033bss152css274ass232ass027f_firmwaress378e_firmwaress076q_firmwaress271q_firmwaress353h_firmware8pa10a\#301ss342ess353d_firmwaress352g_firmwaress369ass404h_firmwaress397kss340css259a4zb85a_firmwaress365gss107b_firmwaress394a_firmwaress230s_firmwaress210m_firmwaress216kss107n_firmwaress043b_firmware4zb79ass365k_firmwaress256f_firmwaress352gss383g_firmwaress327dst686b_firmware715a0a_firmwaress107h_firmwaress392a3a9x8a\#ab1_firmwaress380a_firmwaress349f_firmware4zb83ass218jss377h_firmwaress027jss075j_firmwaress359z_firmwaress150dss204n_firmwaress106h7fq88a\#ab1_firmwaress369ess334f_firmwaress216qss335gss396d_firmwarest693dst690c_firmwaress043j_firmwaress205h_firmwaress076css353dss197ass333ass377bst682b_firmwaress255ass230k_firmwaress150qss398f_firmwaress396hst688a_firmwaress276ass325a_firmwaress027k_firmware4zb87a_firmwaress359e_firmwaress404hst693d_firmwaress041ess058hss256nss106g_firmwaress033h_firmwaress211f_firmwaress216f_firmwaress359f_firmwaress205zst694a_firmwaress058css043d_firmwaress257nss205u3b0c6a\#312ss343g_firmwaress106jss395qss256e_firmware7fq93a\#ab1ss388e_firmwaress352n_firmwaress334dss216lss379ass389v_firmwaress107c_firmware7fq94a\#ab1st686h_firmwaress342a_firmwaress380b_firmwaress076k_firmwarest688bss383u_firmwaress404css379b_firmwaress044d_firmwaress377gss230zss204m_firmwaress271m_firmwaress353f_firmwaress059ess335b4zb96a_firmwaress106k_firmwaress218b_firmwarest693bss150f_firmwaress075d_firmware3a9x1a\#ab1_firmware9vv52a_firmwarest679a_firmware7fq88a\#ab1ss153b_firmwaress049n_firmwaress216p_firmwaress151ass257g_firmwaress256j_firmwaress107k_firmwaress153d_firmwaress383yss257bss404z4zb85ass272m_firmwaress335ess275bss383tss386d_firmwaress152b_firmwaress383z_firmwaress205lss336ass365c_firmwaress041a_firmwaress049m_firmware4zb92ass210m4zb96ass359q_firmwaress327a_firmwaress205f_firmware7fq97a\#ab1_firmwaress343a_firmwarest673ass105h_firmwaress209a_firmwaress213g_firmwaress076s_firmwaress383zst683d_firmwaress282css211h_firmwaress041fss211b3b0c8a\#ab1ss338ass105ess209ass352m_firmwaress254e_firmwaress397b_firmwaress230g_firmwaress230est684a_firmwaress205s_firmwaress033j_firmwaress383y_firmwaress105hw7u02a_firmwaress272a_firmwaress335d_firmwaress211gss368ass384b_firmwaress335f_firmwaress044j_firmware715a1a_firmwaress256l_firmware7fq99a\#ab1_firmwaress377fst683dss150c_firmwaress216gsv899d_firmwaress285a_firmwaress282b_firmwaress058ass404gss049nss150ass044ess105g_firmwaress396css390dss205t_firmwaress351ass389hst689a_firmwaress042css284a_firmwaress339a_firmwaress211hss398e_firmwaress359lss150b_firmwaress210jss386css230m_firmwaress368c_firmwaress272g7fr00a\#ab1ss235a_firmwaress395m_firmwarest695css353j_firmwaress152d_firmwaress397css041hss257a_firmwaress229a_firmwaress218gss230gss378a_firmwaress365jss272zss349c3b0d3a\#301ss255b_firmwaress059e_firmware1vr14a_firmwaress274a_firmwaress388j_firmwaress389dss272jss352q_firmwaress283ass216j_firmwaress272b_firmwaress339ess262a_firmwaress368a_firmwaress389e_firmwarest689ass044css059a_firmwaress404g_firmwaress041f_firmware6hu08ass330ass388l_firmwaress027fss257kss059d_firmwaress335dss378c\#304ss230a_firmwaress210css368d_firmwaress107mss369e_firmwaress058h_firmwaress390hss153gss404k_firmwaress342css339dss257m_firmwarest688h_firmwaress049f_firmware3b0c4a\#301_firmwaress257zss153css383wss041d_firmwaress076j_firmwaress219a_firmwaress266ass365c8af50asv899dss377g_firmwaress257j_firmwaress219a6hu10ass395d_firmwaress075css106sss199ass395hss211kss075d8af51a_firmware7fr00a\#ab1_firmwaress042g_firmwaress108d_firmwaress271bss044fss106ess397a_firmwaress205kss326css049c_firmwaress217ass352sss216m_firmwaress359zss211lss106tss388jss398esv899css404kss042a_firmwaress359n_firmwaress389u_firmware4zb95a3b0d1a\#ab1ss353fsw116bss076lss388css219css354ass398c_firmwarest695ass211b_firmwaress343c_firmwaress059c_firmwaress340ass076pss339e_firmwaress271nss233ass395s_firmwarest695c_firmware714z9a_firmwaress395kss043e_firmwaress210k_firmwaress368hss218e_firmwaress377e_firmware7uq76ass027d_firmwaress265a_firmware3b0d1a\#ab1_firmwarest686d_firmwaress254e715a5a_firmware7zb72a_firmwaress388b_firmwaress108c3b0c4a\#301ss033a_firmwaress352l_firmwaress390bss378gss391b_firmwaress105e_firmwaress058est679ass404z_firmwaress395l_firmwaress359dss327ast686fss205k_firmwaress106e_firmware4zb88a_firmwaress254c_firmwaress281ass277a7uq76a_firmwaress391ess324a_firmwaress076b_firmwaress397bss287b_firmwaress383x_firmwaress076tss196a_firmwaress075jss404dss153bss043l_firmwaress271c_firmwaress272hss076u_firmwaress377kss389q_firmware3b0c5a\#ab1_firmwaress254f_firmwaress383n_firmwaress230d_firmwaress390ess043c_firmwaress395lss230b_firmwaress204kss230pss276a_firmwaress395h_firmware7fq86a\#ab1_firmwarest688c_firmwaress359b_firmwaress353e_firmwaress365b6hu12a_firmwaress353hss343css216b_firmwaress365b_firmwaress391dss205nss205hss256d_firmwaress391c_firmwaress058f_firmwaress340dss332a_firmwaress254d_firmwaress356a_firmwaresw176bss044e_firmwaress339c_firmwaress204l6hu11ass380ass033g_firmwaress196dss106mss271kss216u_firmwaress216nss404l_firmwaress197a_firmware7zb20a_firmwaress348css271pss384a_firmwaress027ass108b_firmwaress256z_firmwaress218bss257dss230c_firmwaress279a2zn49a_firmwaress107qss204d_firmwarest679d_firmwaress393a_firmwaress027gst690d_firmwaress108a_firmware8pa14a\#302sv531a_firmwaress106d_firmwaress075a_firmwaress387a_firmwaress049bss257qss204h_firmware7fq90a\#ab1_firmwaress329ass076uss042dss388gss076hss255a_firmwaress398b_firmwaress330css075g_firmwaress404e_firmwaress102a_firmwaress281bss106fsv901b_firmwaress076ass275c_firmwaress108j715a3a_firmwaress288a6hu08a_firmwaress042a7gf51a\#ab1ss219f_firmwaress106n_firmwaress395dss210d715a6a_firmwaress404q_firmwaress211mss216d_firmware7fq98a\#ab1ss106css033fss195b_firmwaress377jss154ass367css383xss216a_firmwaress076bss334a_firmwarest693b_firmwaress106g8pa13a\#302ss256lss264a_firmwaress205css210g_firmwaress230h_firmwarest683bss106b_firmwaress390fss326dss213h_firmwaress211l_firmwaress027l_firmwaresw176a_firmwaress404b_firmwaress076xss327c_firmwaress027h_firmware8pa12a\#302_firmwaress271jss377p7fq91a\#ab1ss059g_firmwaress369dss271tss404e7fq94a\#ab1_firmwaress043dss343b_firmwaress386bss230p_firmwaress204c_firmwaress076ess383s_firmwaress404a_firmwaress342g_firmwaress365l_firmware7fq99a\#ab1ss256ass278a_firmwaress058jss353a_firmwaress353bss027g_firmwaress049k_firmwaress150a_firmwaress339gss265ass281b_firmwaress254dss075f_firmwaress256g_firmwaress041c_firmwaress383l_firmwaress107f_firmwaress105d_firmware4zb89a_firmwaress262ass331a_firmware3b0c0a\#301ss388k_firmwaress204bss058j_firmwaress107ast690bss153l_firmwarest694b_firmwaress383kss389s_firmware7gf47a\#ab1_firmwaress106zss271g_firmwaress378hss330c_firmwaress058fss276c_firmwaress359g_firmwaress258a_firmware8pa13a\#302_firmwarest686ass150h_firmwaress383bss267bss218ess106c_firmwaress218fss152bss377lss383qss076f_firmwaress397ass107g_firmwaress043kss033kss276b_firmwaress049e_firmwaress339g_firmwaress279a_firmwaress342fst686gss272f7fr03a\#ab1ss377nss396e_firmwarest683b_firmwaress033k_firmware7gf52a\#ab1_firmwaress359mss281a_firmwaress104a_firmwaress271dss395nss076mss391css275b_firmwaress342bss379a_firmwaress218a_firmwaress344a7fr04a\#ab1_firmwaress333a_firmwaress281css076t_firmwaress150n_firmwaress151bss330bss344b3b0c8a\#ab1_firmwaress352lss106f_firmware7zb25asv899c_firmwaress059bss059fss234a_firmwaress391ass348b_firmwaress348c_firmware6hu11a_firmwaress377j_firmwaress356ass027a_firmware7gf53a\#ab14zb79a_firmwaress256css395jss352f_firmwaress232a_firmware4zb90ass210n_firmware2zn49ass256jss049ess404pss049css383e_firmwarest688gss396bw7u01a_firmwaress368g_firmwaress257h_firmwaress272qss106nss230css027j_firmwaress329a_firmwaress044mss271k_firmwaress256q7gf50a\#ab1_firmwaress237bss342gss216g_firmwaress205d_firmwaress049lss254fss213e_firmwaress033mss397j_firmwaress349fss396h_firmwaress049a7zb21a_firmwaress205m_firmwaress107fss359c7fq97a\#ab1ss397h4zb95a_firmwaress359l_firmwaress335g_firmwaress044ass210d_firmwaress395bss044m_firmwaress377k_firmwaress106bss391bss339b_firmwaress322bss387ass271h_firmwaress386ass213hss076g_firmware8af49a_firmwaress404ast693a_firmwaress049jss352bst688hss042c_firmwaress043f_firmwaress336bss196h_firmwarest694d_firmwaress271e_firmwaress075k_firmwaress219b_firmwaress257ess205c_firmwaress272s_firmware7fq90a\#ab1ss261a_firmwaress108l_firmwaress352h4zb91ass075hss367ass271fss268bss263ass210f_firmwaress219fss398a_firmware8pa12a\#302ss380bss352b_firmwaress105jss286a_firmwaress389kss383gst695dss396ess027e3a9x8a\#ab1ss076m_firmwaress353b_firmwaress213c_firmwaress256mss042jss395sss365f_firmwaress210n7fq98a\#ab1_firmwaress349ess383hss381ass326d_firmwaress198ass267a_firmware7fr03a\#ab1_firmwaress218c_firmwaress272u_firmwaresw176ass230t_firmwaress049fss386e_firmwaress216l_firmwaress230j_firmwaress391e_firmwaress151a_firmware3b0c7a\#301_firmwaress389u7fq96a\#ab1_firmwaress257mss058dss393c_firmwarest686hss076vss256k_firmwarest679hss107dss390ass352a_firmwaress230nst686e_firmware8af52ass230z_firmwaress205fss388a_firmwaress041b_firmwaress211e_firmwaress150fss389n_firmwaress257p_firmwaress205qss404m_firmwaress383t_firmwaress359jss106p_firmwaress153ass343kss366ass342c_firmwaress218f_firmwaress396fss397p_firmwaress043h714z9ass352kss389t7fq86a\#ab1ss076h_firmwaress271d_firmwaress326bss392a_firmwaress396b_firmwaress230mst684ass335ass359gss268ass339f_firmwaress257q_firmwaress398fss283a_firmwaress404lss391fss378c\#304_firmwaress386a_firmwaress105j_firmwaress395n_firmwaress389g_firmwarest688dss211m_firmwaress383j_firmwaress352e_firmwaress339bss390d_firmwaress378b_firmwaress254g_firmware7gf54a\#ab1ss396g_firmwaress211ess367a_firmware7fr05a\#ab1_firmwaress395p_firmwaress027css277a_firmwaress353css328ass043a_firmwaress397pss284b_firmwaress150m4zb86ass332ass102ass389m_firmwaress204ass033ass108hss059b_firmwaress254a_firmwaress196hss326ass106m_firmwaress258ass280a_firmwaress359c_firmwaress359bss369c4zb84a_firmwaress387bss049d_firmwaress230n_firmwaress213d8af49a4zb90a_firmwaress336b_firmwaress353jss263bss272css379bst679f_firmwaress257d_firmware714z6a_firmwaress041g_firmwaress256c_firmwaress027dss396dst679fss367d_firmware4zb82ass042f_firmwaress219bss107bsw116b_firmware7gf52a\#ab1ss204m7zb72ass388ess044l_firmware7gf49a\#ab1ss216s_firmware3a9x2a\#301_firmwaresw176c_firmwaress365e_firmwaress330b_firmwaress150kss368fss340bss326c_firmwarest683c_firmwaress395ess229ass383jss106qss386f_firmwaress352a3a9x7a\#ab1_firmwaress059f_firmwaress377d_firmwarest688d_firmwaress342dss044kss150jss216n_firmwaress404fss386dss383mss233a_firmwarest688ass397g_firmwaress389p_firmwaress049kss076n_firmwaress395tss216bss153ess196b_firmwaress271b_firmwaress397mss076c_firmwaress384d_firmwaress150l_firmwaress340d_firmwaress334ass334b_firmwaress150nss076wss389j_firmwaress195bss330a_firmwaress365ess257n_firmwaress107lss334fss213f_firmwaress033c4zb83a_firmwaress059a7zb21a4zb94a_firmwaress058bsv901bss059jss263a_firmwarest695bss230lss349dss359nss044n_firmwaress106kss235ass323a_firmwaress107nss106a_firmwaress343dss271l_firmwaress216css153c_firmwaress041e_firmwaress369b_firmwarest679gss397jss383d_firmwaress288a_firmwaress391f_firmwaress380css106dss327bss049h_firmwaress106h_firmwaress322a7fq91a\#ab1_firmwaress272kss027e_firmwaress105f_firmware4zb94ass397d_firmwaress075h_firmwarest679dss216z7fq95a\#ab1ss237b_firmwaress389ass150d_firmwaress337a_firmwaress352f4zb81a_firmwaress398d_firmwaress271css230a4zb82a_firmwaress154bst690a_firmware7zb19a_firmwaress383v_firmwaress151b_firmwaress033d_firmwaress404f_firmwaress271a_firmwaress257k_firmwaress204psw192ast688f_firmwaress367e_firmwaress340a_firmwaress354a_firmwaress389t_firmwaress211ass384est673b_firmwaress152ass339d_firmwaress043ass204e_firmwaress383c7fr01a\#ab1ss219dss388h_firmwaress106q_firmwaress272lss377dss383pss377l_firmwaress033c_firmwaress343gss268b_firmwaress213ass229d_firmwaress392b_firmwaress365m_firmwarest695a_firmwaress196c4zb81ass211pst685ass322b_firmwaress273ass368e_firmwaress271hst693c_firmware4zb93a_firmwaress213css044f_firmwaress219d_firmwaress397l_firmwaress383ew7u02ass282a_firmwaress216fss075f6hu10a_firmwaress042e_firmwaress049l_firmwaress205g_firmwaress397fss256sss210gss397f_firmware8pa14a\#302_firmwaress027c_firmware4zb91a_firmwaress368f_firmwaress352pss216mss343jss390h_firmwaress404d_firmwaress284ass335b_firmwaress230bss059j_firmwaress271gss230h7gf51a\#ab1_firmware3b0c7a\#301ss150sss205sss365a_firmwaress353kss326b_firmwaress256b_firmwaress230fss377a_firmwaress059gss216pss199a_firmwarest673c_firmware2zn50ass213bss271f_firmwarest682bss153e_firmwaress044nss076gss367f_firmwaress027b_firmware7fr02a\#ab1ss377css204k_firmwaress205q_firmwaress353gss204nss257css383c_firmwaress359pss386c_firmwaress105ass076zss389vss256fst690b_firmwaress260ass271n_firmwaress343ass205bss033e_firmwaress393b_firmwaress272k_firmwaress378css404nss396a_firmwaresw112b_firmwaress368b_firmwaress383k_firmwarest673css389qss349e_firmware7gf49a\#ab1_firmwaress216u715a0ast688b_firmwaress377c_firmwaress349bss367b_firmwaress075e_firmwaress342f_firmwaress352dss328bss388bss213b_firmwaress334cst687a_firmwaress076z_firmwaress377b_firmwaress150ess331b_firmwaress353k_firmwaress210lss075gss390css395gss339ass395css272ess271sss042j_firmwaress385a_firmwaress256dss043bss389fss041h_firmwaress211p_firmwaress386ess033n3b0d3a\#301_firmwaress196c_firmwaress398g_firmwaress367bss255bss287ass049a_firmwaress263b_firmwaress388g_firmwarest673bss324ass271j_firmwaress044a_firmwaress367c_firmwaress044h_firmwaress153jss404mss272ass211g_firmwaress383fss230tss397k_firmwaress149ass389l_firmwaress229jss378h_firmware5ue14a_firmwarest685a_firmwarest686a_firmwarest694c_firmware7zb20ass349a_firmwaress205jss108fss359p_firmwaress108c_firmwaress353ess256q_firmwaress352jss106pss205mss107l_firmwarest683ess204j_firmwaress286ass396f_firmwaress384e_firmwaress271t_firmwaress359a3a9x7a\#ab1ss365ass393css257f_firmwaress042e715a5ass256h3a9x4a\#ab1_firmwaress389jss257l7gf48a\#ab1ss254ass260a_firmwaress027hst688ess365d7ab26ass217a_firmwaress272t_firmwaress153lss352c4zb87ass058c_firmwaress043fss339cst690dst686bss383sss256s_firmwaress204b_firmwaress272dss256pss395j_firmwaress219c_firmwaress359m_firmwaress105c_firmwaress398gss231ass107d_firmwaress377m_firmwaress033dss205a_firmware7fq87a\#ab1_firmwaress282c_firmwaress033m_firmwaress282ass281c_firmwarest673d_firmwaress108kss377ess107a_firmwaress395f_firmwaress043jss367dst682c_firmwaress229bss153fss105a_firmwaress395f7fq93a\#ab1_firmwaress335hss216z_firmwaress108lss338a_firmwaress271s_firmwaress107gss334e_firmwaress398bss378k4zb88ass204p_firmwaress205u_firmwaress272ust694bss381a_firmwaress049gss277b_firmwaress256t_firmwaress107hss153h_firmwaress350a_firmwaress272tss388ass391d_firmwaress388d_firmwaress043g_firmwaress390e_firmwaress397gss229g_firmwaress049b_firmware7fq96a\#ab1ss204hst679bst684b_firmwaress196gss076p_firmwaress213fss404c_firmwaress204gss210k4zb84ast679c_firmwaress368j_firmwaress393ass397nss196ass044g_firmware715a4ass150pss348bss041bss388h6hu09ass211n_firmwaress397n_firmwaress392c_firmwaress153g_firmware7fr05a\#ab1ss215ass276css044lss322a_firmwaress389f_firmwaress154b_firmwaress218g_firmwaress389nst679css331bss041gss106z_firmware1vr14ass352p_firmwaress383w_firmwaress389c_firmwarest690ass377f_firmwaress205e8af52a_firmware2ky38a_firmwarest683ass196e4zb80a_firmwarest684bss216t_firmwaress211f715a2ass378ess384css383dss043l7zb19ass033n_firmwaress044g7fq95a\#ab1_firmwaress196d_firmwaress397e_firmwaress396gss365kst686c_firmwaress230k3b0c1a\#304_firmwaress216tss322c_firmwaress272h_firmwaress027bss153d714z7ass380c_firmwaress152c_firmware4zb80ass272pss108g_firmware714z8ass272sss255css395t_firmwaress348ass108bsw112bss272z_firmwaress106l_firmwaress389sss404bss272j_firmwaress368jss389ess257gss367ess272g_firmwaress153a_firmwaress274b_firmwaress343hss404n_firmwaress256zss395a4zb86a_firmwaress343ess378j_firmwaress396ass398ass344a_firmwaress390gss352c_firmwaress359a_firmwaress103ass257pss041css204css378jss342e_firmwaress229b_firmware714z6ass388dss335css267ass340b_firmwaress284bss343bst694css256bsw176css204fss150e_firmwaress205z_firmwaress042gss205n_firmwaress351a_firmwaress204g_firmwaress343d_firmwaress152dss343h_firmwaress033f_firmwaress349d_firmwaress390a_firmwaress349b_firmwaress216dss230dss378g_firmwaress218k_firmware209u7a_firmwaress377n_firmwaress076a_firmwaress210l_firmwaress229dss377p_firmwaress404p_firmwaress377hss352d_firmwaress106t_firmwaress397qss230jss150hss230qss327b_firmwaress108e_firmwaress231a_firmwaress216ew7u01ass043k_firmwaress342b_firmwaress272m5ue15a_firmwaress322css328b_firmwarest683e_firmwaress377mss257hss254b_firmwaress196e_firmwaress389css153k_firmwaress150m_firmwaress216e_firmwaress388c_firmwaress205g2ky38ass210a_firmwaress150s_firmwaress389bss107e_firmwaress377ass365hss359j_firmware714z7a_firmwaress342ass259a_firmwaress153j_firmware7fq89a\#ab1ss335c_firmwaress205ass266a_firmwaress378c_firmwarest683a_firmware4zb92a_firmwarest695d_firmwaress397c_firmwaress275ass397ess049j_firmwaress395k_firmware3b0c9a\#304ss204a_firmwaress368gss041j_firmwaress044hss049g_firmwaress367fss397h_firmware5ue14ass212ass049hss107ess218kss392bss378k_firmwaress334b7fr01a\#ab1_firmwaress257z_firmwaress337ass230e_firmware4zb97ass076nss210ess394ass271ess205d7fr02a\#ab1_firmware9vv52ass282bss216vss274bss404j_firmware5ue15ass327d_firmwaress390b_firmwaress033gss205tss343f_firmwaress150g_firmwaress106ass075ess384c_firmwaress277bss210fss044dst683css211dsw176b_firmwaress216ass366a_firmwarest686f_firmwaress267b_firmwaress343k_firmwaress210bss395q_firmwaress041ass042h_firmwaress335h_firmwaress107m_firmwaress108ess058e_firmwarest679g_firmwaress378f_firmwaress108dss256ess210b_firmware7gf47a\#ab1715a4a_firmwaress264ass257f3b0c3a\#ab1ss359k_firmwarest693ass049mss210h_firmwaress033est686dss271qss059dss368bss213d_firmwaress343j_firmwaress230sss285ass205b_firmwaress042hss216c_firmwaress218d_firmwaress383b_firmwaress355a_firmwarest686g_firmwaress058d_firmwarest693css357ass257ass059css107kst679ess359qss205e_firmwarest688fss383ass397m_firmwaress331ass390f_firmwaress352s_firmwaress076x_firmwaress387b_firmwaress106s_firmwaress218dss211css075a7gf55a\#ab1ss352j_firmwaress230l_firmwaress378bss386b_firmwaress219ess271mss382ass383lss043c8pa10a\#301_firmwaress365h_firmwaress273a_firmwaress369c_firmwaress390g_firmwaress287bss033b_firmwaress389d_firmwarest688j_firmwaress153hss215a_firmwaress107q_firmwaress075c_firmwaress389k_firmwaress211a_firmwaress205pss378ass359d_firmwaress326a_firmwaress256gss216h_firmwaress257b_firmwaress275css107c7zb25a_firmwaress105bst686ess390c_firmwaress272p_firmwaress397dss076f4zb97a_firmwaress033hss352nss352qss105fss105css196b8pa11a\#301ss041dss368dst679e_firmwaress205j_firmwaress254gss384b6hu12ass107jss210hss043h_firmwaress391a_firmwaress043ess389a_firmwaress204l_firmwaress237ass395b_firmwaress383m_firmwaress044c_firmwareHP and Samsung Printer software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-40746
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 23.46%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 17:53
Updated-24 Apr, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-i_access_client_solutionswindowsi
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-2630
Matching Score-4
Assigner-National Instruments
ShareView Details
Matching Score-4
Assigner-National Instruments
CVSS Score-7||HIGH
EPSS-0.03% / 6.54%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 18:50
Updated-18 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking Vulnerability in NI LabVIEW

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-2629
Matching Score-4
Assigner-National Instruments
ShareView Details
Matching Score-4
Assigner-National Instruments
CVSS Score-7||HIGH
EPSS-0.03% / 6.54%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 18:45
Updated-18 Aug, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking Vulnerability in NI LabVIEW When Loading NI Error Reporting

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-26404
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-13 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) DSA software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-24998
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-01 Jul, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022visual_studio_2017visual_studio_2019Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.13
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-25003
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-01 Jul, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022visual_studio_2019Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.13
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-28636
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.3||HIGH
EPSS-1.29% / 78.85%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:09
Updated-16 Sep, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader Unquoted Search Path Vulnerability

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-acrobat_dcacrobat_reader_dcAcrobat Reader
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-24923
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-15 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) AI for Enterprise Retrieval-augmented Generation software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-24039
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.28% / 50.80%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-02 Jul, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-22838
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-13 Aug, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) RealSense(TM) Dynamic Calibrator software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20108
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:02
Updated-15 May, 2025 | 04:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Network Adapter Driver installers for Windows 11
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-21099
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:02
Updated-15 May, 2025 | 04:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Graphics software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20079
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:02
Updated-16 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Advisor software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20015
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:01
Updated-16 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Ethernet Connection software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20048
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-14 Aug, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all verions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Trace Analyzer and Collector software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-21206
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.45% / 62.67%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-12 Mar, 2025 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Installer Elevation of Privilege Vulnerability

Visual Studio Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022visual_studio_2019visual_studio_2017Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20017
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:57
Updated-13 Aug, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) oneAPI Toolkit and component software installers
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20043
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:01
Updated-16 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) RealSense™ SDK software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-21093
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-13 Aug, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element for some Intel(R) Driver &amp; Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Driver &amp; Support Assistant Tool software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20092
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-13 Aug, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Clock Jitter Tool software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20041
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:01
Updated-14 May, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20627
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-13 Aug, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) oneAPI DPC++/C++ Compiler software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-1729
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.05%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:17
Updated-17 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-TrackPoint Quick Menu
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-53977
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.14%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:28
Updated-11 Feb, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory.

Action-Not Available
Vendor-Siemens AG
Product-ModelSimQuesta
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-49391
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.45%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 09:48
Updated-18 Oct, 2024 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_filesAcronis Cyber Filescyber_files
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-49592
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.48%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 00:00
Updated-27 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-n/atotal_protection
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-47942
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-13 Nov, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2024Solid Edge SE2024solid_edge_se2024
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-47800
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:03
Updated-15 May, 2025 | 04:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Graphics Driver software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-47195
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 5.17%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-16 Oct, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory.

Action-Not Available
Vendor-Siemens AG
Product-questamodelsimModelSimQuestaquestamodelsim
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-47194
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 5.17%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-16 Oct, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory.

Action-Not Available
Vendor-Siemens AG
Product-questamodelsimModelSimQuestaquestamodelsim
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-46895
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:03
Updated-15 May, 2025 | 04:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Arc™ &amp; Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Arc™ &amp; Iris(R) Xe graphics software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-45246
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.72%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:49
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element

Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element

Action-Not Available
Vendor-Diebold Nixdorfdieboldnixdorf
Product-Vynamic View prior to v5.9.5vynamic_view
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-42405
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:19
Updated-18 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Quartus(R) Prime Software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-42492
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:18
Updated-13 Feb, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-BIOS and System Firmware Update Package for Intel(R) Server M50FCP family
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-39365
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:19
Updated-18 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) oneAPI DPC++/C++ Compiler software for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-19954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.14% / 34.07%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 14:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.

Action-Not Available
Vendor-signaln/aMicrosoft Corporation
Product-signal-desktopwindowsn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-39813
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:19
Updated-18 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-EPCT software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-39372
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:19
Updated-18 Feb, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) XTU software for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • Next
Details not found