Lucene search
K

165 matches found

Rosalinux
Rosalinux
added 2025/02/24 12:28 p.m.14 views

Advisory ROSA-SA-2025-2715

Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1.1k-12.0.1 CVE-ID: CVE-2022-1292 BDU-ID: 2022-03181 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSL library's crehash script implementation is related to failure to take measures to neutralize shell...

10CVSS8.1AI score0.95764EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.9 views

Azure Linux 3.0 Security Update: edk2 / hvloader / openssl (CVE-2022-1292)

The version of edk2 / hvloader / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1292 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command...

10CVSS7.2AI score0.83223EPSS
Exploits5References2
Oracle linux
Oracle linux
added 2024/11/22 12:0 a.m.55 views

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

7.5CVSS7.4AI score0.95764EPSS
Exploits28
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.12 views

Fedora 37 : openssl1.1 (2022-412d83c1f9)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-412d83c1f9 advisory. Automatic update for openssl1.1-1.1.1o-1.fc37. Changelog Mon Jun 13 2022 Clemens Lang - 1:1.1.1o-1 - Upgrade to 1.1.1o Resolves: CVE-2022-1292 Related:...

10CVSS6.7AI score0.83223EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2024/09/18 12:0 a.m.22 views

Ubuntu: Security Advisory (USN-7018-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.7AI score0.95764EPSS
Exploits6References2
CBLMariner
CBLMariner
added 2024/06/21 9:32 a.m.26 views

CVE-2022-1292 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2022-1292 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. A patched version of the package is available...

10CVSS10AI score0.83223EPSS
Exploits5
CBLMariner
CBLMariner
added 2024/06/21 9:32 a.m.21 views

CVE-2022-1292 affecting package hvloader for versions less than 1.0.1-2

CVE-2022-1292 affecting package hvloader for versions less than 1.0.1-2. An upgraded version of the package is available that resolves this issue...

10CVSS7.2AI score0.83223EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.56 views

RHEL 8 : Satellite 6.14 (RHSA-2023:6818)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6818 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...

10CVSS8AI score0.99999EPSS
Exploits30References321
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.91 views

RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2023:5982)

The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5982 advisory. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2...

10CVSS7.5AI score0.99999EPSS
Exploits25References16
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.50 views

RHEL 7 / 8 : Satellite 6.11.5.6 async (RHSA-2023:5980)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5980 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...

10CVSS7.8AI score0.99999EPSS
Exploits25References20
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.21 views

openSUSE: Security Advisory for openssl (SUSE-SU-2022:2251-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.4AI score0.95764EPSS
Exploits6References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 6:51 p.m.75 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data has migrated to a new base image for the Operators used by our Speech Services. The following vulnerabilities...

10CVSS9.5AI score0.99999EPSS
Exploits25Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/12/27 12:0 a.m.46 views

NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2023-0074)

The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...

10CVSS7.4AI score0.95764EPSS
Exploits6References5
Oracle linux
Oracle linux
added 2023/12/07 12:0 a.m.61 views

edk2 security update

20230821 - Create new 20230821 release for OL7 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...

10CVSS7.9AI score0.95764EPSS
Exploits18
Oracle linux
Oracle linux
added 2023/12/07 12:0 a.m.61 views

edk2 security update

20230821 - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...

10CVSS7.9AI score0.95764EPSS
Exploits18
RedHat Linux
RedHat Linux
added 2023/11/08 2:26 p.m.9 views

openssl: the c_rehash script allows command injection

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...

10CVSS7AI score0.95764EPSS
Exploits6References5
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.55 views

Rocky Linux 8 : openssl (RLSA-2022:5818)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5818 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems ...

10CVSS7.4AI score0.95764EPSS
Exploits6References8
OpenVAS
OpenVAS
added 2023/10/31 12:0 a.m.31 views

Ubuntu: Security Advisory (USN-6457-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.8AI score0.95764EPSS
Exploits8References2
Ubuntu
Ubuntu
added 2023/10/30 10:6 a.m.102 views

USN-6457-1: Node.js vulnerabilities

Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2022-0778 Elison Niven discovered that Node.js...

10CVSS7AI score0.95764EPSS
Exploits8
RedHat Linux
RedHat Linux
added 2023/10/20 10:28 p.m.5 views

openssl: the c_rehash script allows command injection

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...

10CVSS7AI score0.95764EPSS
Exploits6References5
Rows per page
Query Builder