Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-21830

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-12 Feb, 2025 | 21:18
Updated At-13 Feb, 2025 | 20:20
Rejected At-
Credits

Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:12 Feb, 2025 | 21:18
Updated At:13 Feb, 2025 | 20:20
Rejected At:
▼CVE Numbering Authority (CNA)

Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected Products
Vendor
n/a
Product
Intel(R) VPL software
Default Status
unaffected
Versions
Affected
  • before version 2023.4.0
Problem Types
TypeCWE IDDescription
N/AN/AEscalation of Privilege
CWECWE-427Uncontrolled Search Path Element
Type: N/A
CWE ID: N/A
Description: Escalation of Privilege
Type: CWE
CWE ID: CWE-427
Description: Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
4.05.4MEDIUM
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01044.html
N/A
Hyperlink: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01044.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:12 Feb, 2025 | 22:15
Updated At:12 Feb, 2025 | 22:15

Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.4MEDIUM
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-427Primarysecure@intel.com
CWE ID: CWE-427
Type: Primary
Source: secure@intel.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01044.htmlsecure@intel.com
N/A
Hyperlink: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01044.html
Source: secure@intel.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

202Records found
CVE-2024-21766
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 7.55%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-14 Aug, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) oneAPI Math Kernel Library softwareoneapi_math_kernel_library
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21814
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 37.07%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-28 Jan, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-chipset_device_softwareIntel(R) Chipset Device Softwarechipset_device_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21857
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 13.86%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-14 Aug, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) oneAPI Compiler softwareoneapi_compiler_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21837
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.21% / 43.22%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-28 Jan, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus(R) Prime Lite Edition Design softwarequartus_prime_lite_edition_design_softwareprime_pro_edition_designquartus_prime_standard_edition_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21841
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.33%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-01 Aug, 2024 | 22:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Distribution for GDB softwaregdb_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21777
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.98%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-28 Jan, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus(R) Prime Pro Edition Design softwarequartus_prime_pro
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21788
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.28%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzersIntel(R) GPA softwaregraphics_performance_analyzer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21861
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 36.09%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzers_frameworkIntel(R) GPA Framework softwaregraphics_performance_analyzer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21774
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.06%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-01 Aug, 2024 | 22:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Processor Identification Utility software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21772
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 25.08%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-27 Aug, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_base_toolkitadvisorIntel(R) Advisor softwareoneapi_base_toolkitadvisor
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-49158
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 18:42
Updated-09 Sep, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-apex_oneTrend Micro Apex One as a ServiceTrend Micro Apex One
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-23355
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.83%
||
7 Day CHG-0.01%
Published-01 Oct, 2025 | 21:19
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-nsight_graphicswindowsNsight Graphics
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-48223
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.88%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 00:00
Updated-18 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.

Action-Not Available
Vendor-gbgplcn/a
Product-acuant_acufill_sdkn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20627
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.14%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) oneAPI DPC++/C++ Compiler software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20079
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 5.37%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:02
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_base_toolkitadvisorIntel(R) Advisor software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20106
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 0.26%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 16:25
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Action-Not Available
Vendor-n/a
Product-VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-14596
Matching Score-4
Assigner-04c0172e-9735-4a9d-a92a-fe01fa863447
ShareView Details
Matching Score-4
Assigner-04c0172e-9735-4a9d-a92a-fe01fa863447
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.67%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 21:06
Updated-12 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quartus Prime Pro Edition Installer Advisory

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.

Action-Not Available
Vendor-AlteraIntel CorporationMicrosoft Corporation
Product-quartus_primewindowsQuartus Prime Pro
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-13668
Matching Score-4
Assigner-04c0172e-9735-4a9d-a92a-fe01fa863447
ShareView Details
Matching Score-4
Assigner-04c0172e-9735-4a9d-a92a-fe01fa863447
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 4.19%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 22:02
Updated-12 Jan, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quartus Prime Pro Edition Advisory

A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege.

Action-Not Available
Vendor-AlteraIntel CorporationMicrosoft Corporation
Product-quartus_primewindowsQuartus Prime Pro
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-13664
Matching Score-4
Assigner-04c0172e-9735-4a9d-a92a-fe01fa863447
ShareView Details
Matching Score-4
Assigner-04c0172e-9735-4a9d-a92a-fe01fa863447
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 4.19%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 20:55
Updated-12 Jan, 2026 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quartus Prime Standard Security Advisory

A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege.

Action-Not Available
Vendor-AlteraIntel CorporationMicrosoft Corporation
Product-quartus_primewindowsQuartus Prime Standard
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-47800
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 5.37%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:03
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Graphics Driver software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-4936
Matching Score-4
Assigner-Synaptics, Inc.
ShareView Details
Matching Score-4
Assigner-Synaptics, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.38%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 17:00
Updated-17 Dec, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Synaptics-DisplayLink-privilege escalation vulnerability via a dynamic library sideloading

It is possible to sideload a compromised DLL during the installation at elevated privilege.

Action-Not Available
Vendor-synapticsSynaptics
Product-displaylinkDisplayLink USB Graphics Software for Windows
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-20017
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.14%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:57
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) oneAPI Toolkit and component software installers
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-49114
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.13%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 12:19
Updated-25 Apr, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation via DLL Hijacking

A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.

Action-Not Available
Vendor-hexagonQognifyqognify
Product-qognify_vms_client_viewerVMS Client Viewervms_client_viewer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-41628
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 22.87%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windows_10_1511windows_10_1809windows_10_1803windows_10_21h1windows_10_21h2windows_10_1709windows_10_1507windows_10_2004nuc_p14e_laptop_elementwindows_10_1903windows_10_1909windows_10_22h2windows_10_20h2windows_10_1703windows_10_1607Intel(R) NUC P14E Laptop Element software for Windows 10
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-41314
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_network_controller_e810-cam1ethernet_network_adapter_e810-cqda1_for_ocp_3.0ethernet_network_adapter_e810-xxvda2_for_ocpethernet_network_adapter_e810-cqda1ethernet_network_controller_e810administrative_tools_for_intel_network_adaptersethernet_network_adapter_e810-cqda1_for_ocpethernet_controller_e810ethernet_network_adapter_e810-cqda2non-volatile_memory_update_utilityethernet_network_controller_e810-xxvam2ethernet_network_adapter_e810-xxvda2ethernet_network_adapter_e810-xxvda4ethernet_network_controller_e810-cam2ethernet_network_adapter_e810-xxvda2_for_ocp_3.0ethernet_network_adapter_e810-cqda2_for_ocp_3.0Intel(R) Network Adapter installer software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-41998
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 28.52%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managerIntel(R) DCM software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-41693
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 22.87%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus(R) Prime Pro edition software
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-41982
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 22.87%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-vtune_profilerIntel(R) VTune(TM) Profiler software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-40746
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.19% / 40.56%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 17:53
Updated-24 Apr, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-i_access_client_solutionswindowsi
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-45743
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 38.57%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-28 Jan, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-driver_\&_support_assistantIntel(R) DSA software uninstallersdsa_software_uninstallers
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21831
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 36.09%
||
7 Day CHG-0.50%
Published-16 May, 2024 | 20:47
Updated-27 Aug, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-processor_diagnostic_toolIntel(R) Processor Diagnostic Tool softwareprocessor_diagnostic_tool
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-21862
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.21% / 43.22%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-28 Jan, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus(R) Prime Standard Edition Design softwarequartus_prime_standard_edition_design_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-41091
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 34.73%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-24 Oct, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-mpi_libraryIntel(R) MPI Library Software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-39932
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 28.64%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-24 Oct, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privillaged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_usage_report_for_gameplayIntel(R) SUR for Gameplay Softwaresystem_usage_report
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-39929
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.60%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-06 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Libva software maintained by Intel(R)libva
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-40155
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.42%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-02 Aug, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) CST softwarecontext_sensing_technology
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-39254
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.28%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 12:43
Updated-31 Jan, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.

Action-Not Available
Vendor-Dell Inc.
Product-update_package_frameworkDUP Frameworkupdate_package_framework
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-38566
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 34.73%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-24 Oct, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-implicit_spmd_program_compilerIntel(R) ISPC softwareispc
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-37340
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT drivers for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-37329
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.21% / 42.58%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-fpga_software_development_kitquartus_primeIntel(R) Quartus(R) Prime Pro and Standard Edition software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-38136
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.55%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 18:58
Updated-27 Jan, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_dpc\+\+\/c\+\+_compilerIntel(R) oneAPI DPC++/C++ Compiler for Windows and Intel® Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-38101
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 22.87%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-24 Jan, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-iflashvnuc_board_nuc8cchbnuc_8_rugged_kit_nuc8cchkrIntel(R) NUC Chaco Canyon BIOS update software
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-36398
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 35.73%
||
7 Day CHG+0.02%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-battery_life_diagnostic_toolIntel(R) Battery Life Diagnostic Tool software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-36380
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-04 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_kit_nuc5ppyhnuc_kit_nuc6caysnuc_kit_wireless_adapter_driver_installernuc_kit_nuc5pgyhnuc_kit_nuc6cayhnuc_board_nuc8cchbnuc_8_rugged_kit_nuc8cchkrIntel(r) NUC Kit Wireless Adapter drivers for Windows 10
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-34755
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.29%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 19:50
Updated-03 Mar, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user. Affected Products: Easergy Builder Installer (1.7.23 and prior)

Action-Not Available
Vendor-Schneider Electric SE
Product-easergy_builder_installerEasergy Builder Installer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-34848
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 22.87%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_pro_software_suiteIntel(R) NUC Pro Software Suite
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-32576
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 22.87%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-24 Jan, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-uniteIntel(R) Unite(R) Plugin SDK
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-30548
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-glorpIntel(R) Glorp software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-55955
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.20%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 16:19
Updated-09 Sep, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-deep_security_agentwindowsTrend Micro Deep Security
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-28247
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.7||MEDIUM
EPSS-0.31% / 53.84%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:42
Updated-16 Sep, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Uninstaller Hard Link Leads To Remote Code Execution

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found