Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-28140

Summary
Assigner-Qualys
Assigner Org ID-8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda
Published At-18 Apr, 2023 | 15:47
Updated At-26 Feb, 2025 | 19:23
Rejected At-
Credits

Executable Hijacking

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This vulnerability is bounded only to the time of uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Qualys
Assigner Org ID:8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda
Published At:18 Apr, 2023 | 15:47
Updated At:26 Feb, 2025 | 19:23
Rejected At:
â–¼CVE Numbering Authority (CNA)
Executable Hijacking

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This vulnerability is bounded only to the time of uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.

Affected Products
Vendor
Qualys
Product
Cloud Agent
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • From 3.1.3.34 before 4.5.3.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427 Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427 Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-471CAPEC-471 Search Order Hijacking
CAPEC-234CAPEC-234 Hijacking a privileged process
CAPEC ID: CAPEC-471
Description: CAPEC-471 Search Order Hijacking
CAPEC ID: CAPEC-234
Description: CAPEC-234 Hijacking a privileged process
Solutions

Upgrade to v4.5.3.1 of Qualys Cloud Agent for Windows.

Configurations
Workarounds
Exploits

Proof of Concept

Credits
reporter
Lockheed Martin Red Team
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualys.com/security-advisories/
vendor-advisory
Hyperlink: https://www.qualys.com/security-advisories/
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.qualys.com/security-advisories/
vendor-advisory
x_transferred
Hyperlink: https://www.qualys.com/security-advisories/
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:bugreport@qualys.com
Published At:18 Apr, 2023 | 16:15
Updated At:28 Apr, 2023 | 13:52

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This vulnerability is bounded only to the time of uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.0HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches
qualys
qualys
>>cloud_agent>>Versions from 3.1.3.34(inclusive) to 4.5.3.1(exclusive)
cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-427Primarynvd@nist.gov
CWE-427Secondarybugreport@qualys.com
CWE ID: CWE-427
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-427
Type: Secondary
Source: bugreport@qualys.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.qualys.com/security-advisories/bugreport@qualys.com
Vendor Advisory
Hyperlink: https://www.qualys.com/security-advisories/
Source: bugreport@qualys.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

224Records found
CVE-2023-28142
Matching Score-8
Assigner-Qualys, Inc.
ShareView Details
Matching Score-8
Assigner-Qualys, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 3.01%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 15:51
Updated-03 Mar, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Race Condition

A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life.

Action-Not Available
Vendor-qualysQualys
Product-cloud_agentCloud Agent
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-28143
Matching Score-8
Assigner-Qualys, Inc.
ShareView Details
Matching Score-8
Assigner-Qualys, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 7.05%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 15:54
Updated-05 Feb, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation

Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution privileges on the host. During the install of the PKG, a step in the process involves extracting the package and copying files to several directories. Attackers may gain writable access to files during the install of PKG when extraction of the package and copying files to several directories, enabling a local escalation of privilege.

Action-Not Available
Vendor-qualysQualysApple Inc.
Product-cloud_agentmac_os_xCloud Agent
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-28141
Matching Score-8
Assigner-Qualys, Inc.
ShareView Details
Matching Score-8
Assigner-Qualys, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.99%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 15:50
Updated-03 Mar, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Junction

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized files, allowing for the potential modification or deletion of sensitive files limited only to that specific directory/file object. This vulnerability is bounded to the time of installation/uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.

Action-Not Available
Vendor-qualysQualys
Product-cloud_agentCloud Agent
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-48223
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.84%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 00:00
Updated-18 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.

Action-Not Available
Vendor-gbgplcn/a
Product-acuant_acufill_sdkn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-22379
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 7.00%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Inspector softwareinspectorhpc_toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-43456
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 4.54%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:36
Updated-10 Oct, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-rapid_storage_technologyIntel(R) RST softwareintel_rst_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-22451
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 1.02%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 15:16
Updated-23 Jun, 2026 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerPeripheral Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-23312
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 7.17%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:08
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aintel_binary_configuration_tool_software_for_windows
Product-Intel(R) Binary Configuration Tool software for Windowsintel_binary_configuration_tool_software_for_windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20015
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 2.88%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:01
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Ethernet Connection software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20108
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 2.93%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:02
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Network Adapter Driver installers for Windows 11
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-22447
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 0.96%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 14:10
Updated-17 Jun, 2026 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerPeripheral Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-43474
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 6.47%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-dsp_builderquartus_primeDSP Builder software installer for Intel(R) FPGAs Pro Edition
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-41998
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 6.47%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managerIntel(R) DCM software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-41693
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 6.47%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus(R) Prime Pro edition software
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-41314
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 6.21%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_network_controller_e810-cam1ethernet_network_adapter_e810-cqda1_for_ocp_3.0ethernet_network_adapter_e810-xxvda2_for_ocpethernet_network_adapter_e810-cqda1ethernet_network_controller_e810administrative_tools_for_intel_network_adaptersethernet_network_adapter_e810-cqda1_for_ocpethernet_controller_e810ethernet_network_adapter_e810-cqda2non-volatile_memory_update_utilityethernet_network_controller_e810-xxvam2ethernet_network_adapter_e810-xxvda2ethernet_network_adapter_e810-xxvda4ethernet_network_controller_e810-cam2ethernet_network_adapter_e810-xxvda2_for_ocp_3.0ethernet_network_adapter_e810-cqda2_for_ocp_3.0Intel(R) Network Adapter installer software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-40746
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.34% / 25.45%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 17:53
Updated-24 Apr, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-i_access_client_solutionswindowsi
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21772
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 8.91%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-27 Aug, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_base_toolkitadvisorIntel(R) Advisor softwareoneapi_base_toolkitadvisor
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21831
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 8.65%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-27 Aug, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-processor_diagnostic_toolIntel(R) Processor Diagnostic Tool softwareprocessor_diagnostic_tool
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21769
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.91%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Ethernet Connection I219-LM install softwareethernet_complete_driver_pack
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-32938
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 8.41%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:19
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) MPI Library for Windows software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) MPI Library for Windows software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21857
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.83%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) oneAPI Compiler softwareoneapi_compiler_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21862
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 8.02%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-28 Jan, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus(R) Prime Standard Edition Design softwarequartus_prime_standard_edition_design_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21837
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 8.02%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-28 Jan, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus(R) Prime Lite Edition Design softwarequartus_prime_lite_edition_design_softwareprime_pro_edition_designquartus_prime_standard_edition_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21784
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.54%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-27 Aug, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-integrated_performance_primitives_cryptographyoneapi_base_toolkitIntel(R) IPP Cryptography softwareipp_cryptography
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21814
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 8.02%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-28 Jan, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-chipset_device_softwareIntel(R) Chipset Device Softwarechipset_device_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21841
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 7.00%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Distribution for GDB softwaregdb_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21861
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.50%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzers_frameworkIntel(R) GPA Framework softwaregraphics_performance_analyzer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-13669
Matching Score-4
Assigner-04c0172e-9735-4a9d-a92a-fe01fa863447
ShareView Details
Matching Score-4
Assigner-04c0172e-9735-4a9d-a92a-fe01fa863447
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 0.92%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 02:30
Updated-12 Jan, 2026 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
High Level Synthesis Compiler Security Advisory

Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking.This issue affects High Level Synthesis Compiler: from 19.1 through 24.3.

Action-Not Available
Vendor-AlteraIntel CorporationMicrosoft Corporation
Product-windowshigh_level_synthesis_compilerHigh Level Synthesis Compiler
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21788
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 8.90%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzersIntel(R) GPA softwaregraphics_performance_analyzer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21830
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 8.41%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:18
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) VPL software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21843
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 7.00%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Computing Improvement Program softwarecomputing_improvement_program
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21818
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 7.00%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) PCM softwarepcm
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21766
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.83%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) oneAPI Math Kernel Library softwareoneapi_math_kernel_library
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-34028
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 7.17%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:09
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windowsgraphics_offline_compiler_for_opencl_code_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-38136
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 9.26%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 18:58
Updated-27 Jan, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_dpc\+\+\/c\+\+_compilerIntel(R) oneAPI DPC++/C++ Compiler for Windows and Intel® Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-37329
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.83%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-fpga_software_development_kitquartus_primeIntel(R) Quartus(R) Prime Pro and Standard Edition software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-36398
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 6.47%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-battery_life_diagnostic_toolIntel(R) Battery Life Diagnostic Tool software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-37340
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.98%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT drivers for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-28247
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.7||MEDIUM
EPSS-0.45% / 36.07%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:42
Updated-27 May, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Uninstaller Hard Link Leads To Remote Code Execution

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-27638
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 5.21%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-advanced_link_analyzerIntel(R) Advanced Link Analyzer Pro and Standard edition
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-27187
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 5.55%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus Prime Standard edition software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26345
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.59%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-openmpIntel(R) oneAPI Toolkit OpenMP
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26512
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.83%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-fpga_add-onIntel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26421
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.83%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_dpc\+\+\/c\+\+_compiler_runtimeIntel(R) oneAPI DPC++/C++ Compiler Runtime
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26425
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.83%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_collective_communications_libraryIntel(R) oneAPI Collective Communications Library (oneCCL) for Intel(R) oneAPI Base Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26076
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 13.98%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_deep_neural_networkIntel(R) oneAPI Deep Neural Network (oneDNN)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26062
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.83%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-trace_analyzer_and_collectorIntel(R) Trace Analyzer and Collector for Intel(R) oneAPI HPC Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-25905
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 6.69%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_data_analytics_libraryIntel(R) oneAPI Data Analytics Library (oneDAL) for Intel(R) oneAPI Base Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26052
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.07%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-mpi_libraryIntel(R) MPI Library for Intel(R) oneAPI HPC Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26028
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 6.49%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-29 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-vtune_profilerIntel(R) VTune(TM) Profiler software
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found