SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2022:2321-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2321-1 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so...

SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2022:2197-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2197-1 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so...

Slackware Linux 14.2 openssl Multiple Vulnerabilities (SSA:2022-179-03)

The version of openssl installed on the remote host is prior to 1.0.2u. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-179-03 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distribut...

SUSE SLES12 Security Update : openssl (SUSE-SU-2022:2180-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2180-1 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2022:2182-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2182-1 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so...

SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2179-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2179-1 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

FreeBSD : OpenSSL -- Command injection vulnerability (4eeb93bf-f204-11ec-8fbd-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4eeb93bf-f204-11ec-8fbd-d4c9ef517024 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances...

CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVE-2022-2068

The Connected documents corroborate CVE-2022-2068 as a real OpenSSL issue: c_rehash can pass certificate filenames to shell commands, enabling local command execution. Fixed in OpenSSL 3.0.4 (affecting 3.0.0–3.0.3), in OpenSSL 1.1.1p (affecting 1.1.1–1.1.1o), and in OpenSSL 1.0.2zf (affecting 1.0...

CVE-2022-2068

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

OpenSSL 1.1.1 < 1.1.1p Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1p. It is, therefore, affected by a vulnerability as referenced in the 1.1.1p advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : OpenSSL vulnerability (USN-5488-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5488-1 advisory. Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the crehash script. A local attacker could possibly use this issue to...

CVE-2017-14476

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

GHSA-97GM-MCV6-CPHM Shell command injection in Liferay Portal

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template...

Shell command injection in gitea

Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...

GHSA-P5F9-C9J9-G8QX Shell command injection in gitea

Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...

NewStart CGSL CORE 5.05 / MAIN 5.05 : sssd Vulnerability (NS-SA-2022-0044)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sssd packages installed that are affected by a vulnerability: - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. This flaw allows...

NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Vulnerability (NS-SA-2022-0013)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sssd packages installed that are affected by a vulnerability: - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. This flaw allows...