
4775 matches found

Vulnrichment
added 2014/09/24 6:0 p.m., 16 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

AI score 8.3, EPSS 0.99999
Exploits 130, References 170

Cvelist
added 2014/09/24 6:0 p.m., 58 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

AI score 8.6, EPSS 0.99999
Exploits 130, References 170

Debian CVE
added 2014/09/24 6:0 p.m., 216 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

CVSS 10, AI score 9.6, EPSS 0.99999
Exploits 130

Debian
added 2014/09/24 3:22 p.m., 60 views

[SECURITY] [email protected]

Package : bash Version : 4.1-3+deb6u1 CVE ID : CVE-2014-6271 Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash...

CVSS 9.8, AI score 3.5, EPSS 0.99999
Exploits 130

Debian
added 2014/09/24 3:22 p.m., 55 views

[SECURITY] [email protected]

Package : bash Version : 4.1-3+deb6u1 CVE ID : CVE-2014-6271 Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash...

CVSS 10, AI score 3.5, EPSS 0.99999
Exploits 130

RedHat Linux
added 2014/09/24 3:11 p.m., 5 views

bash: specially-crafted environment variables can be used to inject shell commands

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

CVSS 10, AI score 7.5, EPSS 0.99999
Exploits 130, References 8

RedHat Linux
added 2014/09/24 3:11 p.m., 103 views

Critical: Red Hat Security Advisory: bash security update

Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 10, AI score 7.5, EPSS 0.99999
Exploits 130, References 3

RedHat Linux
added 2014/09/24 2:18 p.m., 4 views

bash: specially-crafted environment variables can be used to inject shell commands

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

CVSS 10, AI score 7.5, EPSS 0.99999
Exploits 130, References 8

RedHat Linux
added 2014/09/24 2:18 p.m., 3 views

bash: specially-crafted environment variables can be used to inject shell commands

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

CVSS 10, AI score 7.5, EPSS 0.99999
Exploits 130, References 8

RedHat Linux
added 2014/09/24 2:18 p.m., 75 views

Critical: Red Hat Security Advisory: bash Shift_JIS security update

Updated bash ShiftJIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 10, AI score 7.5, EPSS 0.99999
Exploits 130, References 3

Debian
added 2014/09/24 2:6 p.m., 53 views

[SECURITY] [DSA 3032-1] bash security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3032-1 [email protected] http://www.debian.org/security/ Florian Weimer September 24, 2014 http://www.debian.org/security/faq -...

CVSS 10, AI score 10, EPSS 0.99999
Exploits 130

Positive Technologies
added 2014/09/24 12:0 a.m., 11 views

PT-2014-1176

Name of the Vulnerable Software and Affected Versions bash versions 1.14 through 4.2 p52 GNU Bash affected versions not specified Description The issue is related to the way shell functions are passed through environment variables, allowing an attacker to inject commands into a Bash shell. This c...

CVSS 10, AI score 9.2, EPSS 0.99999
Exploits 157, References 176

Amazon
added 2014/09/24 12:0 a.m., 107 views

Important: bash

Issue Overview: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vecto...

CVSS 10, AI score 9.6, EPSS 0.99999
Exploits 141

OSV
added 2014/09/24 12:0 a.m., 16 views

DLA-59-1 bash - security update

Bulletin has no description...

CVSS 10, AI score 9.8, EPSS 0.99999
Exploits 130

OSV
added 2014/09/24 12:0 a.m., 62 views

DSA-3032-1 bash - security update

Bulletin has no description...

CVSS 10, AI score 10, EPSS 0.99999
Exploits 130

Amazon
added 2014/09/24 12:0 a.m., 79 views

Critical: bash

Issue Overview: This ALAS is superseded by ALAS-2014-419 https://alas.aws.amazon.com/ALAS-2014-419.html. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell...

CVSS 10, AI score 9.4, EPSS 0.99999
Exploits 130

OSV
added 2014/09/24 12:0 a.m., 2 views

UBUNTU-CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

CVSS 9.8, AI score 7.7, EPSS 0.99999
Exploits 130, References 4

Tenable Nessus
added 2014/09/09 12:0 a.m., 27 views

Ubuntu 10.04 LTS : eglibc regression (USN-2306-3)

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. We apologize for the inconvenience. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the...

CVSS 7.5, AI score 7.2, EPSS 0.04154
Exploits 5, References 5

Ubuntu
added 2014/09/08 11:26 a.m., 75 views

USN-2306-3: GNU C Library regression

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Maksymilian Arciemowicz discovered that the GNU C Library...

AI score 7.2, EPSS 0.04154
Exploits 5, References 1

Tenable Nessus
added 2014/09/05 12:0 a.m., 41 views

IBM WebSphere Portal 8.0.0.x Unified Task List Portlet Multiple Vulnerabilities (PI18909)

The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities in the Unified Task List UTL portlet : - An unspecified open redirect vulnerability exists that allows a remote attacker to perform a phishing attack by enticing a user to click a malicious URL...

CVSS 7.5, AI score 6.1, EPSS 0.02072
Exploits 0, References 6