10 matches found
CVE-2025-68118
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function freerdpcertificatedatahash uses the Microsoft-specific snprintf function to format certificate cache filenames...
openssl: the c_rehash script allows command injection
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...
Amazon Linux AMI : openssl (ALAS-2022-1626)
The version of openssl installed on the remote host is prior to 1.0.2k-16.159. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1626 advisory. A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly pass...
openssl: the c_rehash script allows command injection
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...
OESA-2022-1737 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...
Ubuntu 16.04 ESM : OpenSSL vulnerability (USN-5488-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5488-2 advisory. USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...
AZL-9967 CVE-2022-2068 affecting package openssl for versions less than 1.1.1k-17
In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
Vulnerability in OpenSSL - The c_rehash script allows command injection
In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...
SUSE-SU-2017:2968-1 Security update for openssl1
This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read bsc1056058 - adjust DEFAULTSUSE to meet 1.0.2 and current state bsc1027908 - out of bounds read+crash in DESfcrypt bsc1065363 - DEFAULTSUSE cipher list ...