SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2022:2321-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2321-1 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so...

SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2309-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2309-1 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script do...

SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2022:2197-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2197-1 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so...

Slackware Linux 14.2 openssl Multiple Vulnerabilities (SSA:2022-179-03)

The version of openssl installed on the remote host is prior to 1.0.2u. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-179-03 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distribut...

SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2022:2182-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2182-1 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so...

SUSE SLES12 Security Update : openssl (SUSE-SU-2022:2180-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2180-1 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2179-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2179-1 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

FreeBSD : OpenSSL -- Command injection vulnerability (4eeb93bf-f204-11ec-8fbd-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4eeb93bf-f204-11ec-8fbd-d4c9ef517024 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances...

CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVE-2022-2068

The Connected documents corroborate CVE-2022-2068 as a real OpenSSL issue: c_rehash can pass certificate filenames to shell commands, enabling local command execution. Fixed in OpenSSL 3.0.4 (affecting 3.0.0–3.0.3), in OpenSSL 1.1.1p (affecting 1.1.1–1.1.1o), and in OpenSSL 1.0.2zf (affecting 1.0...

OpenSSL 1.1.1 < 1.1.1p Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1p. It is, therefore, affected by a vulnerability as referenced in the 1.1.1p advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

Vulnerability in OpenSSL - The c_rehash script allows command injection

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : OpenSSL vulnerability (USN-5488-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5488-1 advisory. Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the crehash script. A local attacker could possibly use this issue to...

Denial Of Service (DoS)

busybox is vulnerable denial of service. The vulnerability exists due to a pointer free in Busybox's hush applet when processing a crafted shell command...

Open redirect

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially...

CVE-2017-14476

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

GHSA-97GM-MCV6-CPHM Shell command injection in Liferay Portal

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template...