| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program. |
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK
installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM. |
| Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
| Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL. |
| Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking.This issue affects Disk: before 3.2.45.3275. |
| A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Installer of
Panasonic
AutoDownloader
version 1.2.8
contains an issue with the DLL search path, which may lead to loading
a crafted DLL file in the same directory. |
| Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. |
| Uncontrolled search path for the Intel(R) System Support Utility before version 4.1.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires passive user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
| Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK
installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application. |
| Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. |