
58 matches found

OSV
added 2026/04/27 6:33 p.m., 2 views

JLSEC-2026-229 In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

9.8 CVSS | 7.2 AI score | 0.38894 EPSS
Exploits 6 | References 21
Tenable Nessus
added 2025/05/14 12:0 a.m., 9 views

Alibaba Cloud Linux 3 : 0148: openssl (ALINUX3-SA-2022:0148)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0148 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1292: The c_rehash script does not...

10 CVSS | 7.4 AI score | 0.38894 EPSS
Exploits 6 | References 4
Tenable Nessus
added 2025/02/25 12:0 a.m., 11 views

Siemens SIMATIC and RUGGEDCOM Devices Linux Kernel Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CVE-2022-2068)

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

10 CVSS | 7.3 AI score | 0.38894 EPSS
Exploits 6 | References 9
Tenable Nessus
added 2025/02/10 12:0 a.m., 6 views

Azure Linux 3.0 Security Update: edk2 / hvloader / openssl (CVE-2022-1292)

The version of edk2 / hvloader / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1292 advisory. - The c_rehash script does not properly sanitise shell metacharacters to prevent command...

10 CVSS | 7.2 AI score | 0.38894 EPSS
Exploits 5 | References 2
F5 Networks
added 2024/11/19 2:54 a.m., 25 views

K000148607: OpenSSL vulnerability CVE-2022-1292

Security Advisory Description: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary comman...

10 CVSS | 7.1 AI score | 0.38894 EPSS
Exploits 5
Tenable Nessus
added 2024/04/28 12:0 a.m., 43 views

RHEL 8 : Satellite 6.12.5.2 Async Security Update (Important) (RHSA-2023:5979)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5979 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

10 CVSS | 7.8 AI score | 0.944 EPSS
Exploits 25 | References 22
Tenable Nessus
added 2024/04/28 12:0 a.m., 47 views

RHEL 7 / 8 : Satellite 6.11.5.6 async (RHSA-2023:5980)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5980 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...

10 CVSS | 7.8 AI score | 0.944 EPSS
Exploits 25 | References 20
Tenable Nessus
added 2023/10/30 12:0 a.m., 40 views

Ubuntu 22.04 LTS : Node.js vulnerabilities (USN-6457-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6457-1 advisory. Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...

10 CVSS | 7.6 AI score | 0.38894 EPSS
Exploits 8 | References 5
RedHat Linux
added 2022/12/12 1:37 p.m., 53 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.1 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.1 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

10 CVSS | 6.9 AI score | 0.38894 EPSS
Exploits 6 | References 3
RedHat Linux
added 2022/12/12 12:39 p.m., 3 views

openssl: the c_rehash script allows command injection

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...

10 CVSS | 7 AI score | 0.38894 EPSS
Exploits 6 | References 5
Tenable Nessus
added 2022/11/15 12:0 a.m., 30 views

NewStart CGSL MAIN 6.02 : openssl Vulnerability (NS-SA-2022-0100)

The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by a vulnerability: - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where ...

10 CVSS | 7.2 AI score | 0.38894 EPSS
Exploits 5 | References 3
Tenable Nessus
added 2022/10/27 12:0 a.m., 31 views

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2022-2629)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating...

10 CVSS | 7.4 AI score | 0.38894 EPSS
Exploits 6 | References 3
Tenable Nessus
added 2022/09/24 12:0 a.m., 74 views

EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2022-2396)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by...

10 CVSS | 7.3 AI score | 0.38894 EPSS
Exploits 6 | References 4
OSV
added 2022/09/23 11:4 a.m., 1 views

OESA-2022-1951 linux-sgx security update

Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification. Security Fixes: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is...

10 CVSS | 7.6 AI score | 0.38894 EPSS
Exploits 5 | References 2
Tenable Nessus
added 2022/09/06 12:0 a.m., 31 views

Amazon Linux 2022 : openssl1.1 (ALAS2022-2022-105)

The version of openssl1.1 installed on the remote host is prior to 1.1.1l-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-105 advisory. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed b...

10 CVSS | 7.2 AI score | 0.38894 EPSS
Exploits 5 | References 3
Broadcom
added 2022/08/15 12:0 a.m., 4 views

(CVE-2022-1292) - The c_rehash script allows command injection. (BSA-2022-1846)

Security Advisory ID: BSA-2022-1846 Component: OpenSSL Revision: 2.0 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an...

10 CVSS | 7.6 AI score | 0.38894 EPSS
Exploits 5
Amazon
added 2022/08/08 12:0 a.m., 71 views

Medium: openssl11

Issue Overview: A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it ...

10 CVSS | 7.7 AI score | 0.38894 EPSS
Exploits 6
Oracle linux
added 2022/08/05 12:0 a.m., 161 views

openssl security update

1:1.1.1k-7 - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz2100554 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz2090371 - Fix CVE-2022-2068: the...

10 CVSS | 1.8 AI score | 0.38894 EPSS
Exploits 6
AlmaLinux
added 2022/08/03 12:0 a.m., 86 views

Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: c_rehash script allows command injection (CVE-2022-1292) openssl: the c_rehash script allows command...

10 CVSS | 8.7 AI score | 0.38894 EPSS
Exploits 6 | References 8
Tenable Nessus
added 2022/07/29 12:0 a.m., 30 views

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2143)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating...

10 CVSS | 7.2 AI score | 0.38894 EPSS
Exploits 5 | References 2