Astra Linux - уязвимость в openssl

The crehash script does not properly sanitize shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner that it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...

Astra Linux - уязвимость в openssl

In addition to the crehash shell command injection identified in CVE-2022-1292, further instances where the crehash script fails to properly sanitize shell metacharacters to prevent command injection were discovered during code reviews. When CVE-2022-1292 was fixed, it wasn’t recognized that ther...

JLSEC-2026-229 In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

MiracleLinux 9 : openssl-3.0.1-41.el9 (AXSA:2022-3964:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3964:07 advisory. openssl: crehash script allows command injection CVE-2022-1292 openssl: Signer certificate verification returns inaccurate response when using...

MiracleLinux 8 : openssl-1.1.1k-7.el8 (AXSA:2022-3703:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3703:05 advisory. openssl: crehash script allows command injection CVE-2022-1292 openssl: the crehash script allows command injection CVE-2022-2068 openssl: AES OCB...

Linux Distros Unpatched Vulnerability : CVE-2022-2068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...

TencentOS Server 2: openssl (TSSA-2025:0549)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0549 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

Linux Distros Unpatched Vulnerability : CVE-2022-1292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manne...

Alibaba Cloud Linux 3 : 0148: openssl (ALINUX3-SA-2022:0148)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0148 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1292: The crehash script does not...

Siemens SIMATIC and RUGGEDCOM Devices Linux Kernel Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CVE-2022-2068)

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

Azure Linux 3.0 Security Update: edk2 / hvloader / openssl (CVE-2022-1292)

The version of edk2 / hvloader / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1292 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command...

K000148607: OpenSSL vulnerability CVE-2022-1292

Security Advisory Description The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary comman...

RHEL 8 : Satellite 6.12.5.2 Async Security Update (Important) (RHSA-2023:5979)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5979 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

RHEL 7 / 8 : Satellite 6.11.5.6 async (RHSA-2023:5980)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5980 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...

openssl: the c_rehash script allows command injection

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...

openssl: c_rehash script allows command injection

A flaw was found in OpenSSL. The crehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...

Ubuntu 22.04 LTS : Node.js vulnerabilities (USN-6457-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6457-1 advisory. Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...

openssl: the c_rehash script allows command injection

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...

Important: Red Hat Security Advisory: Red Hat Satellite Client security and bug fix update

An update for foremanyggworker, puppet-agent, qpid-proton, and yggdrasil is now available for Satellite Client 6 for RHEL 6, Satellite Client 6 for RHEL 7, Satellite Client 6 for RHEL 8, and Satellite Client 6 for RHEL 9. Red Hat Product Security has rated this update as having a security impact ...

openssl: c_rehash script allows command injection

A flaw was found in OpenSSL. The crehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...