Lucene search
K

110 matches found

Tenable Nessus
Tenable Nessus
added 2018/04/26 12:0 a.m.42 views

SUSE SLED12 / SLES12 Security Update : zsh (SUSE-SU-2018:1072-1)

This update for zsh fixes the following issues : - CVE-2014-10070: environment variable injection could lead to local privilege escalation bnc1082885 - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. bnc1082977 - CVE-2014-10072: buffer overflow In utils.c when scanning...

9.8CVSS7.1AI score0.03173EPSS
Exploits0References29
OpenVAS
OpenVAS
added 2016/07/27 12:0 a.m.39 views

TYPO3 Environment Variable Injection Vulnerability (Jul 2016)

TYPO3 is prone to an environment variable injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...

8.1CVSS8.4AI score0.50427EPSS
Exploits0References2
Typo3
Typo3
added 2016/07/19 12:0 a.m.643 views

Environment Variable Injection

It has been discovered, that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library guzzlehttp/guzzle Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerability Type: Environment Variable Injection Affected Versions: Versions 8.0.0 to...

5.1CVSS0.6AI score0.50427EPSS
Exploits0Affected Software1
OSV
OSV
added 2015/12/21 7:6 p.m.6 views

SUSE-SU-2015:2337-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issues: - CVE-2015-7519: rubygem-passenger was not filtering the environment like apache is doing, allowing injection of environment variables bsc956281...

4.3CVSS4.4AI score0.02364EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/10/06 12:0 a.m.59 views

GLSA-201409-09 : Bash: Code Injection (Shellshock)

The remote host is affected by the vulnerability described in GLSA-201409-09 Bash: Code Injection Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code. Impact : A remote attacker could exploit this vulnerability to execute...

10CVSS8.9AI score0.99999EPSS
Exploits131References2
RedHat Linux
RedHat Linux
added 2014/10/02 6:40 p.m.7 views

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

10CVSS7.4AI score0.99999EPSS
Exploits140References6
OSV
OSV
added 2014/09/28 12:17 p.m.14 views

MGASA-2014-0393 Updated bash packages fix CVE-2014-7169

Updated bash packages fix security vulnerability: It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or...

10CVSS10AI score0.9994EPSS
Exploits17References3
Mageia
Mageia
added 2014/09/28 12:17 p.m.77 views

Updated bash packages fix CVE-2014-7169

Updated bash packages fix security vulnerability: It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or...

10CVSS9.9AI score0.9994EPSS
Exploits17References2
RedHat Linux
RedHat Linux
added 2014/09/26 1:46 a.m.7 views

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

10CVSS7.4AI score0.99999EPSS
Exploits140References6
Saint
Saint
added 2014/09/26 12:0 a.m.196 views

Bash environment variable code injection over HTTP

Added: 09/26/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Problem The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...

10CVSS10AI score0.99999EPSS
Exploits131
Rows per page
Query Builder