Amazon Linux 2 : openssl-snapsafe (ALASOPENSSL-SNAPSAFE-2023-001)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2OPENSSL-SNAPSAFE-2023-001 advisory. A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script...

EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2022-2895)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script...

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2022-2629)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating...

Huawei EulerOS: Security Advisory for compat-openssl (EulerOS-SA-2022-2548)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2432)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properl...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2419)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properl...

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-2300)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properl...

Huawei EulerOS: Security Advisory for compat-openssl (EulerOS-SA-2022-2215)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : compat-openssl (EulerOS-SA-2022-2215)

According to the versions of the compat-openssl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

Amazon Linux 2 : openssl (ALAS-2022-1831)

The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1831 advisory. A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed...

Amazon Linux 2 : openssl11 (ALAS-2022-1832)

The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1832 advisory. A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passe...

Amazon Linux AMI : openssl (ALAS-2022-1626)

The version of openssl installed on the remote host is prior to 1.0.2k-16.159. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1626 advisory. A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly pass...

Ubuntu 16.04 ESM : OpenSSL vulnerability (USN-5488-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5488-2 advisory. USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...

SUSE SLES12 Security Update : openssl (SUSE-SU-2022:2180-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2180-1 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2179-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2179-1 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

Vulnerability fixed in OpenSSL

A vulnerability has been fixed in OpenSSL. The vulnerability is located in the cvrehash script and is caused by the fact that shell meta-characters being insufficiently removed from user input. removed. On some operating systems, the vulnerable script is is executed automatically. On such systems...

CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

Command injection

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVE-2022-2068

The Connected documents corroborate CVE-2022-2068 as a real OpenSSL issue: c_rehash can pass certificate filenames to shell commands, enabling local command execution. Fixed in OpenSSL 3.0.4 (affecting 3.0.0–3.0.3), in OpenSSL 1.1.1p (affecting 1.1.1–1.1.1o), and in OpenSSL 1.0.2zf (affecting 1.0...

CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...