Lucene search
K

4773 matches found

CVE
CVE
added 2015/03/18 4:0 p.m.111 views

CVE-2014-8169

CVE-2014-8169 affects the autofs (automounter) component: when a program map uses interpreted languages, it can cause the interpreter to inherit the calling user’s USER and HOME environment variables, enabling local privilege escalation. The issue has been addressed across multiple distributions:...

4.4CVSS6.3AI score0.00335EPSS
Exploits0References7Affected Software4
Cvelist
Cvelist
added 2015/03/18 4:0 p.m.20 views

CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

6.1AI score0.00335EPSS
Exploits0References7
OSV
OSV
added 2015/03/18 12:0 a.m.4 views

UBUNTU-CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

4.4CVSS5.8AI score0.00335EPSS
Exploits0References3
OSV
OSV
added 2015/02/27 12:0 a.m.27 views

DLA-160-1 sudo - security update

Bulletin has no description...

6.6CVSS4.4AI score0.0047EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2015/01/26 12:0 a.m.27 views

openSUSE Security Update : dbus-1 (openSUSE-SU-2015:0111-1)

This update fixes the following security issues : - CVE-2014-8148 : - Do not allow calls to UpdateActivationEnvironment from uids other than the uid of the dbus-daemon. If a system service installs unsafe security policy rules that allow arbitrary method calls such as CVE-2014-8148 then this...

7.2CVSS7AI score0.04514EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.28 views

Oracle Solaris Third-Party Patch Update : libdbus (cve_2012_3524_permissions_privileges)

The remote Solaris system is missing necessary patches to address security updates : - libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS...

6.9CVSS7.5AI score0.04514EPSS
Exploits4References3
Packet Storm
Packet Storm
added 2015/01/09 12:0 a.m.23 views

Ntpdc 4.2.6p3 Buffer Overflow

from os import system, environ from struct import pack import sys ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS IMAGEBASE = 0x80000000 LDINITIALOFFSET = 8900 LDTAILOFFSET = 1400 sploit = "\x41" 485 junk sploit += pack"&1" % sploit...

1.3AI score
Exploits0
Saint
Saint
added 2014/11/20 12:0 a.m.117 views

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

10CVSS10AI score0.99999EPSS
Exploits130
Saint
Saint
added 2014/11/20 12:0 a.m.119 views

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

10CVSS10AI score0.99999EPSS
Exploits130
Saint
Saint
added 2014/11/20 12:0 a.m.130 views

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

10CVSS10AI score0.99999EPSS
Exploits130
RedHat Linux
RedHat Linux
added 2014/11/17 6:11 p.m.82 views

Important: Red Hat Security Advisory: bash Shift_JIS security update

Updated bash ShiftJIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

10CVSS7.2AI score0.99999EPSS
Exploits141References3
RedHat Linux
RedHat Linux
added 2014/11/17 6:11 p.m.5 views

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

10CVSS7.4AI score0.99999EPSS
Exploits139References6
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.64 views

RHEL 4 / 5 / 6 : bash (RHSA-2014:1311)

Updated September 30, 2014 This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life...

10CVSS7.9AI score0.99999EPSS
Exploits141References8
Saint
Saint
added 2014/11/05 12:0 a.m.164 views

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

10CVSS10AI score0.99999EPSS
Exploits130
Tenable Nessus
Tenable Nessus
added 2014/10/31 12:0 a.m.151 views

Cisco UCS Director Code Injection (CSCur02877) (Shellshock)

According to its self-reported version, the remote host is running a version of Cisco UCS Director that could be affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environmen...

10CVSS7.9AI score0.99999EPSS
Exploits156References8
Exploit DB
Exploit DB
added 2014/10/29 12:0 a.m.58 views

CUPS Filter - Bash Environment Variable Code Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'CUPS Filter Bash Environment Variable Code Injection', 'Description' = %q This module exploits a post-auth code injection in special...

10CVSS7AI score0.99621EPSS
Exploits31
Packet Storm
Packet Storm
added 2014/10/28 12:0 a.m.183 views

CUPS Filter Bash Environment Variable Code Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'CUPS Filter Bash Environment Variable Code Injection', 'Description' = %q This module exploits a post-auth code injection in special...

10CVSS1.3AI score0.99999EPSS
Exploits147
Tenable Nessus
Tenable Nessus
added 2014/10/17 12:0 a.m.41 views

Oracle Linux 6 : openssh (ELSA-2014-1552)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1552 advisory. - prevent a server from skipping SSHFP lookup 1081338 CVE-2014-2653 - ignore environment variables with embedded '=' or '\0' characters CVE-2014-2532...

6.5CVSS6.7AI score0.04751EPSS
Exploits2References3
Oracle linux
Oracle linux
added 2014/10/15 12:0 a.m.50 views

java-1.7.0-openjdk security and bug fix update

1:1.7.0.71-2.5.3.1.0.1.el511 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Enterprise Linux' 1:1.7.0.71-2.5.3.1 - Bump to 2.5.3 with security updates. - Remove obsolete patches which are now included upstream. - Disable LCMS via environment variables rather than maintaining a patch. -...

6.8CVSS2.3AI score0.04102EPSS
Exploits0
Oracle linux
Oracle linux
added 2014/10/15 12:0 a.m.96 views

openssh security, bug fix, and enhancement update

5.3p1-104 - ignore SIGXFSZ in postauth monitor child 1133906 5.3p1-103 - don't try to generate DSA keys in the init script in FIPS mode 1118735 5.3p1-102 - ignore SIGPIPE in ssh-keyscan 1108836 5.3p1-101 - ssh-add: fix fatal exit when removing card 1042519 5.3p1-100 - fix race in backported...

5.8CVSS0.9AI score0.04751EPSS
Exploits2
Rows per page
Query Builder