3 matches found
CVE-2022-4991 Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...
Zabbix Agent Binaries Path Abuse Scanner
This scanner performs automated static analysis of Zabbix Agent binaries to detect hardcoded OpenSSL configuration paths that may enable provider or engine abuse. It identifies embedded OPENSSLDIR, ENGINESDIR, and MODULESDIR values, extracts OpenSSL version information, and checks for dynamic...
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating system’s operational analysis platform allows a perpetrator to execute arbitrary code and gain increased privileges.
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating system’s operational analysis platform is related to an incorrect initialization of resources when processing the OPENSSLDIR value. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain...