8 matches found
JLSEC-2026-229 In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...
In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
TencentOS Server 2: openssl (TSSA-2025:0549)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0549 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
CLSA-2024-1719925589 openssl: Fix of 2 CVEs
CVE-2022-1292: crehash: Do not use shell to invoke openssl to prevent command injection - CVE-2022-2068: crehash: Fix file operations to prevent command injection - Update expired smime certificates - Add testing using old certificates sha1 to have both types of certificates sha1, sha256 checked...
OESA-2022-1737 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...
AZL-9967 CVE-2022-2068 affecting package openssl for versions less than 1.1.1k-17
In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
UBUNTU-CVE-2022-2068
In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
OESA-2022-1673 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operati...
ALPINE-CVE-2022-1292
The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...