CVE-2022-4991

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

CVE-2022-4991

The CVE-2022-4991 issue affects Tychon on Windows where an OpenSSL OPENSSLDIR subdirectory can be controlled by an unprivileged user. A privileged service in Tychon uses this OpenSSL component, and a user who can place a crafted openssl.cnf at a specific path may execute arbitrary code with SYSTE...

PT-2026-45443

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

Tychon security vulnerabilities

Tychon is a terminal security analysis and management platform developed by the American company Tychon. There is a security vulnerability in Tychon, which stems from the OPENSSLDIR variable in the OpenSSL component potentially being controlled by non-privileged users. This vulnerability could...

PT-2024-15524 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: Rapid7 Minerva Armor versions prior to 4.5.5 Description: The issue is a privilege escalation vulnerability that allows an authenticated attacker to elevate privileges and execute arbitrary code with SYSTEM privilege. This is caused by the...

Splunk 代码问题漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze data and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

PT-2023-4799 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.2.12 Splunk Enterprise versions prior to 9.0.6 Splunk Enterprise versions prior to 9.1.1 Description: The issue is related to the incorrect initialization of a resource when handling the OPENSSLDIR value ...

CVE-2022-0166

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary cod...

CVE-2020-10143

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate...

EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1444)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for...

BSA-2019-842

Security Advisory ID : BSA-2019-842 Component : OpenSSL Revision : 1.0: Initial OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is...