K00866128: Bash vulnerability CVE-2019-9924

Security Advisory Description rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell. CVE-2019-9924 Impact There is no impact; F5 products are not affected by this vulnerability. Securi...

K73705133: Bash vulnerability CVE-2016-7543

Security Advisory Description Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVE-2016-7543 Impact BIG-IP, F5 iWorkflow, BIG-IQ, and Enterprise Manager Impact is minimal for BIG-IP, iWorkflow, BIG-IQ, and...

K21435974: TMUI XSS vulnerability CVE-2021-23037

Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23037 Impact An attacker may exploit this...

K75136237: Privilege escalation vulnerability CVE-2015-7393

Security Advisory Description dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0...

Exploit for Command Injection in Aztech Wmb250Ac_Firmware

CVE-2022-45600 | CVE URL: | https://vulners.com/cve...

Security Bulletin: Vulnerabilities in Bash affect IBM FlashSystem 840 and V840 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is used by IBM FlashSystem 840 and V840 products. Vulnerability Details The following vulnerabilities are only exploitable by users who already have...

Security Bulletin: Vulnerabilities in GNU Bash affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in GNU Bash to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities CVE-2016-0634, CVE-2016-7543, CVE-2016-9401 could make the system susceptible to an attack which could allow an attacker to execute arbitrary co...

FortiWeb - Command injection in CLI backup functionality

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...

SUSE CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

SUSE CVE-2005-2968

Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash...

SUSE CVE-2008-5374

bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb.? temporary file, related to the 1 aliasconv.sh, 2 aliasconv.bash, and 3 cshtobash scripts...

SUSE CVE-2012-3410

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix...

SUSE CVE-2012-6711

A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LCCTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, ma...

SUSE CVE-2013-1362

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor NRPE before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash...

SUSE CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

SUSE CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

SUSE CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

SUSE CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

SUSE CVE-2014-7186

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecified other impact via crafted use of here documents, aka the "redirstack" issue...

SUSE CVE-2014-7187

Off-by-one error in the readtokenword function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecified other impact via deeply nested for loops, aka the "wordlineno" issue...