K000148607: OpenSSL vulnerability CVE-2022-1292
Security Advisory Description The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary comman...
K00053434: OPENSSL_LH_flush() function vulnerability CVE-2022-1473
Security Advisory Description The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or...
SUSE CVE-2022-1473
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-1281)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Vulnerability (NS-SA-2022-0079)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by a vulnerability: - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a...
Amazon Linux 2022 : openssl1.1 (ALAS2022-2022-105)
The version of openssl1.1 installed on the remote host is prior to 1.1.1l-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-105 advisory. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed b...
Amazon Linux 2 : openssl11 (ALAS-2022-1815)
The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1815 advisory. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-2007)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating...
SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2022:2321-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2321-1 advisory. - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so...
Medium: openssl
Issue Overview: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the...
Slackware Linux 14.2 openssl Multiple Vulnerabilities (SSA:2022-179-03)
The version of openssl installed on the remote host is prior to 1.0.2u. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-179-03 advisory. - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distribut...
EulerOS 2.0 SP8 : compat-openssl10 (EulerOS-SA-2022-1924)
According to the versions of the compat-openssl10 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-1943)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP8 : openssl (EulerOS-SA-2022-1943)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating...
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2022:2068-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2068-1 advisory. - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some...
Exploit for OS Command Injection in Siemens Brownfield_Connectivity_Gateway
PoC exploit for CVE-2022-1292, an OpenSSL c_rehash vulnerability...
Debian DSA-5139-1 : openssl - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5139 advisory. Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands...
GHSA-G323-FR93-4J3C Resource leakage when decoding certificates and keys
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...
Resource leakage when decoding certificates and keys
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...
Slackware Linux 14.2 / 15.0 / current openssl Vulnerability (SSA:2022-124-02)
The version of openssl installed on the remote host is prior to 1.0.2u / 1.1.1o. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-124-02 advisory. - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distribut...