6 matches found
openssl: the c_rehash script allows command injection
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...
OESA-2022-1898 intel-sgx-ssl security update
The Intel® Software Guard Extensions SSL Intel® SGX SSL cryptographic library is intended to provide cryptographic services for Intel® Software Guard Extensions SGX enclave applications. The Intel® SGX SSL cryptographic library is based on the underlying OpenSSL Open Source project, providing a...
CLSA-2022-1657814965 Fix CVE(s): CVE-2022-1473, CVE-2022-1292, CVE-2022-2068
SECURITY REGRESSION: Invalid fix for CVE-2022-1473 - debian/patches/CVE-2022-1473.patch: removing unnecessary patch since this version is actually not affected SECURITY UPDATE: crehash script allows command injection - debian/patches/CVE-2022-1292.patch: switch to upstream patch, and apply it...
CLSA-2022-1654011190 Fix CVE(s): CVE-2022-1473, CVE-2022-1292
SECURITY UPDATE: Improper Neutralization - debian/patches/CVE-2022-1292.patch: restrict using shell to invoke openssl due to possible privilege escalation - debian/patches/CVE-2022-1473.patch: fix bug OPENSSLLHflush memory releasing leading to DoS - CVE-2022-1292 - CVE-2022-1473...
Exploit for OS Command Injection in Siemens Brownfield_Connectivity_Gateway
CVE-2022-1292 bash chack...
CVE-2022-1292
creationtimestamp| type| source ---|---|--- 2022-05-03 20:33:53+00:00| seen| https://t.me/cibsecurity/41824 2022-05-24 09:55:00+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2279 2022-05-25 13:13:47+00:00| published-proof-of-concept|...