Lucene search
+L

167 matches found

ivanti
ivanti
added 2023/02/14 7:22 a.m.26 views

JSA10648 - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell Command Injection Vulnerability in Bash

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Bash or the Bourne again shell has vulnerabilities in the way it handles environment variables when it is invoked. Under some scenarios, network based remote attackers can inject shell...

10CVSS8.1AI score0.99999EPSS
Exploits141
bdu_fstec
bdu_fstec
added 2022/11/11 12:0 a.m.6 views

The vulnerability of the valid_parameter_transform function in the Bash operating system of Red Hat Enterprise Linux allows a hacker to execute arbitrary code.

The vulnerability of the validparametertransform function in the Bash library of the Red Hat Enterprise Linux operating system is related to operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

5.5CVSS7.5AI score0.00356EPSS
Exploits1References2Affected Software1
cloudfoundry
cloudfoundry
added 2022/05/23 12:0 a.m.33 views

USN-5380-1: Bash vulnerability | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges. Update...

7.8CVSS7.9AI score0.02608EPSS
Exploits5Affected Software3
nessus
nessus
added 2022/04/20 12:0 a.m.58 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Bash vulnerability (USN-5380-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5380-1 advisory. It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use th...

7.8CVSS7AI score0.02608EPSS
Exploits5References2
nessus
nessus
added 2022/04/11 12:0 a.m.58 views

F5 Networks BIG-IP : Bash vulnerability (K05122252)

A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LCCTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the 'echo -e' built-in function, ma...

7.8CVSS7.6AI score0.0051EPSS
Exploits0References2
veracode
veracode
added 2021/05/20 3:27 p.m.66 views

Privilege Escalation

bash is vulnerable to privilege escalation. The way privileges are dropped when started with an effective user ID not equal to the real user ID. If the setuid permission is set and the owner of the bash program is a non-root user, a local attacker is able to abuse the vulnerability to escalate...

7.8CVSS3.6AI score0.02608EPSS
Exploits5References12Affected Software3
redhat
redhat
added 2020/09/22 11:42 a.m.5 views

bash: BASH_CMD is writable in restricted bash shells

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...

7.8CVSS7.5AI score0.00415EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2019/11/28 12:27 a.m.4 views

CVE-2019-18276

An issue was discovered in disableprivmode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems th...

7.7AI score0.02608EPSS
Exploits5References7
ubuntu
ubuntu
added 2019/11/11 12:21 p.m.179 views

USN-4180-1: Bash vulnerability

It was discovered that Bash incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

7.8CVSS7.2AI score0.0051EPSS
Exploits0
cloudfoundry
cloudfoundry
added 2019/08/29 12:0 a.m.45 views

USN-4058-1: Bash vulnerability | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. CVEs contained in this USN include: CVE-2019-99...

7.8CVSS7.9AI score0.00415EPSS
Exploits0
ubuntu
ubuntu
added 2019/08/05 2:40 p.m.124 views

USN-4058-2: Bash vulnerability

USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and...

7.8CVSS7AI score0.00415EPSS
Exploits0
osv
osv
added 2019/08/05 2:40 p.m.2 views

USN-4058-2 bash vulnerability

USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and...

7.8CVSS6.7AI score0.00415EPSS
Exploits0References2
nessus
nessus
added 2019/07/16 12:0 a.m.32 views

Ubuntu 16.04 LTS : Bash vulnerability (USN-4058-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4058-1 advisory. It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command...

7.8CVSS7.1AI score0.00415EPSS
Exploits0References2
osv
osv
added 2019/07/15 2:31 p.m.3 views

USN-4058-1 bash vulnerability

It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command...

7.8CVSS6.7AI score0.00415EPSS
Exploits0References2
osv
osv
added 2019/07/05 5:46 p.m.17 views

SUSE-SU-2019:0838-2 Security update for bash

This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASHCMDS allowing the user to execute any command with the permissions of the shell bsc1130324...

7.8CVSS7.9AI score0.00415EPSS
Exploits0References3
osv
osv
added 2019/06/18 6:15 p.m.3 views

DEBIAN-CVE-2012-6711

A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LCCTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, ma...

7.8CVSS8.3AI score0.0051EPSS
Exploits0References1
veracode
veracode
added 2019/05/02 5:51 a.m.25 views

Privilege Escalation

Bash is vulnerable to privilege escalation. This allows to local authenticated user to inject arbitrary commands via crafted SHELLOPTS and PS4 environment variables leading to data modification and disclosure of information...

8.4CVSS7.7AI score0.00576EPSS
Exploits0References18Affected Software1
veracode
veracode
added 2019/05/02 5:11 a.m.25 views

Arbitrary Code Execution

bash is vulnerable to arbitrary code execution. The vulnerability exists in the readtokenword function where deeply nested for loops can cause arbitrary code execution...

10CVSS7.4AI score0.9994EPSS
Exploits20References128Affected Software1
veracode
veracode
added 2019/01/15 9:16 a.m.22 views

Arbitrary Code Execution

bash is vulnerable to arbitrary code execution. A flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances...

7.5CVSS8.4AI score0.06019EPSS
Exploits0References19Affected Software3
veracode
veracode
added 2019/01/15 9:2 a.m.62 views

Arbitrary File Overwrite

bash is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have...

9.8CVSS9.6AI score0.99999EPSS
Exploits142References163Affected Software1
Rows per page
Query Builder