CVE-2023-40596

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-665
View all →

Vulnerability Description

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.

Related Vulnerabilities

CVE-2001-1471

HIGH
CVSS:8.8(High)

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $...

CWE-6652001

CVE-2008-3637

HIGH
CVSS:8.8(High)

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code...

CWE-6652008

CVE-2018-10484

HIGH
CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the tar...

CWE-6652018

CVE-2018-14282

HIGH
CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the targ...

CWE-6652018

CVE-2019-20063

HIGH
CVSS:8.8(High)

hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.

CWE-6652019

CVE-2021-44169

HIGH
CVSS:8.8(High)

A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative p...

CWE-6652021