CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,172 vulnerabilities with CWE-427
CVE-2022-47636 HIGH
OutSystems Service Studio 11 11.53.30 - Uncontrolled Search Path Element via .oml File Handling
CVSS 7.8
CVE-2022-43703 HIGH
ARM Development Studio 5.0.0-5.29.3 - Uncontrolled Search Path Element
CVSS 7.8
CVE-2022-43474 MEDIUM
Intel(R) FPGAs Pro Edition <22.4 - Privilege Escalation
CVSS 6.7
CVE-2022-41998 MEDIUM
Intel Data Center Manager < 5.1 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 6.7
CVE-2022-41982 MEDIUM
Intel VTune Profiler < 2023.0 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 6.7
CVE-2022-41693 MEDIUM
Intel(R) Quartus(R) Prime Pro <22.3 - Privilege Escalation
CVSS 6.7
CVE-2022-41628 MEDIUM
Intel(R) NUC P14E Laptop Element <1.1.44 - Privilege Escalation
CVSS 6.7
CVE-2022-38101 MEDIUM
Intel(R) NUC Chaco Canyon BIOS <iFlashV Windows 5.13.00.2105 - Priv...
CVSS 6.7
CVE-2022-34848 MEDIUM
Intel NUC Pro Software Suite < 2.0.0.3 - Authenticated Privilege Escalation via Unquoted Search Path
CVSS 6.7
CVE-2022-32576 MEDIUM
Intel Unite < 4.2 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 6.7
CVE-2022-27180 MEDIUM
Intel MacCPUID < 3.2 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 4.2
CVE-2022-21162 MEDIUM
Intel NUC HDMI Firmware Update Tool < 1.79.1.1 - Authenticated Privilege Escalation via Uncontrolled Search Path
CVSS 6.7
CVE-2022-34755 MEDIUM
Easergy Builder Installer < 1.7.23 - Uncontrolled Search Path Element
CVSS 6.3
CVE-2022-48224 HIGH
Acuant AcuFill SDK < 10.22.02.03 - Uncontrolled Search Path Element via Insecure Directory Permissions
CVSS 7.3
CVE-2022-48223 MEDIUM
Acuant AcuFill SDK < 10.22.02.03 - DLL Hijacking via Insecure Certutil.exe Call
CVSS 6.7
CVE-2022-48222 HIGH
Acuant AcuFill SDK < 10.22.02.03 - Privilege Escalation via Certutil Command Injection
CVSS 7.8
CVE-2022-48225 HIGH
Acuant AcuFill SDK < 10.22.02.03 - DLL Hijacking via Gemalto Document Reader Installation
CVSS 7.3
CVE-2022-28688 HIGH
AVEVA Edge 2020 SP2 Patch 4201.2111.1802.0000 - RCE
CVSS 7.8
CVE-2022-28687 HIGH
AVEVA Edge 2020 SP2 Patch 4201.2111.1802.0000 - RCE
CVSS 7.8
CVE-2022-28686 HIGH
AVEVA Edge 2020 SP2 Patch 4201.2111.1802.0000 - RCE
CVSS 7.8
CVE-2022-38745 HIGH
Apache OpenOffice <4.1.14 - Code Injection
CVSS 7.8
CVE-2022-48422 HIGH
ONLYOFFICE Docs < 7.3.0 - Privilege Escalation via Trojan Horse libgcc_s.so.1
CVSS 7.8
CVE-2022-4313 HIGH
Nessus < 10.4.2 - Authenticated Remote Code Execution via Scan Variable Manipulation
CVSS 8.8
CVE-2022-32972 HIGH
Infoblox BloxOne Endpoint <2.2.7 - Code Injection
CVSS 7.8
CVE-2022-41314 MEDIUM
Intel(R) Network Adapter - Privilege Escalation
CVSS 6.7