Lucene search
K

167 matches found

Veracode
Veracode
added 2019/01/15 9:1 a.m.42 views

Remote Code Execution (RCE)

bash is vulnerable to remote code execution RCE attacks. The vulnerability exists as GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrate...

9.8CVSS9.7AI score0.99999EPSS
Exploits140References172Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:38 a.m.39 views

Security Bulletin: A vulnerability in bash affects IBM Flex System Manager (FSM) (CVE-2016-9401)

Summary A vulnerability has been discovered in bash that is embedded in FSM. This bulletin addresses that issue. Vulnerability Details CVEID: CVE-2016-9401 DESCRIPTION: GNU Bash could allow a local attacker to bypass security restrictions, caused by a use-after-free error. An attacker could explo...

5.5CVSS1.3AI score0.00421EPSS
Exploits0Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2018/03/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

10CVSS7.1AI score0.64326EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
added 2018/03/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2014-7187

Off-by-one error in the readtokenword function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecified other impact via deeply nested for loops, aka the "wordlineno" issue...

10CVSS6.8AI score0.58462EPSS
Exploits12References1
Tenable Nessus
Tenable Nessus
added 2017/12/28 12:0 a.m.35 views

F5 Networks BIG-IP : Bash vulnerability (K73705133)

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVE-2016-7543 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K7370513...

8.4CVSS6.8AI score0.00576EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2017/08/28 3:0 p.m.35 views

CVE-2016-0634

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...

7.5CVSS7.1AI score0.06019EPSS
Exploits0
OSV
OSV
added 2017/05/18 10:24 a.m.2 views

SUSE-SU-2017:1337-1 Security update for bash

This update for bash fixed several issues This security issue was fixed: - CVE-2016-9401: popd in bash might allowed local users to bypass the restricted shell and cause a use-after-free via a crafted address bsc1010845. This non-security issue was fixed: - Fix when HISTSIZE=0 and chattr +a...

6.2CVSS6.2AI score0.00421EPSS
Exploits0References5
Cvelist
Cvelist
added 2017/03/27 3:0 p.m.34 views

CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

6.1AI score0.00425EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2017/03/27 3:0 p.m.39 views

CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

7.8CVSS7.5AI score0.00425EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2017/03/21 8:42 a.m.6 views

bash: Arbitrary code execution via malicious hostname

An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances...

7.5CVSS7.6AI score0.06019EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/03/21 8:42 a.m.6 views

bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution

An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...

8.4CVSS7.4AI score0.00576EPSS
Exploits0References4
OSV
OSV
added 2017/01/23 9:59 p.m.2 views

ALPINE-CVE-2016-9401

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address...

5.5CVSS6.6AI score0.00421EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2017/01/23 9:0 p.m.2 views

CVE-2016-9401

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address...

5.5AI score0.00421EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2017/01/23 9:0 p.m.38 views

CVE-2016-9401

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address...

6.2CVSS6.3AI score0.00421EPSS
Exploits0
Prion
Prion
added 2017/01/19 8:59 p.m.18 views

Design/Logic Flaw

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables...

7.2CVSS7.5AI score0.00576EPSS
Exploits0References11Affected Software2
ATTACKERKB
ATTACKERKB
added 2017/01/19 8:59 p.m.0 views

CVE-2016-7543

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables...

8.4CVSS5.9AI score0.00576EPSS
Exploits0References15
OSV
OSV
added 2017/01/19 8:59 p.m.8 views

CVE-2016-7543

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables...

8.4CVSS8.5AI score
Exploits0References11
Debian CVE
Debian CVE
added 2017/01/19 8:0 p.m.33 views

CVE-2016-7543

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables...

8.4CVSS6.8AI score0.00576EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/12/13 12:0 a.m.41 views

GLSA-201612-39 : Bash: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201612-39 Bash: Arbitrary code execution A vulnerability was found in the way Bash expands $HOSTNAME. Injecting malicious code into $HOSTNAME could cause it to run each time Bash expands \h in the prompt string. Impact : A remote...

7.5CVSS6.9AI score0.06019EPSS
Exploits0References2
CNVD
CNVD
added 2016/09/19 12:0 a.m.2 views

GNU Bash Local Code Execution Vulnerability

GNU Bash is a shell command language interpreter written by American software developer Brian J. Fox for the GNU Project, which runs on Unix-like operating systems the default shell for Linux systems and is capable of reading from, and executing commands from, a standard input device or file, as...

7.5CVSS7.9AI score0.06019EPSS
Exploits0References1
Rows per page
Query Builder