Security Bulletin: Vulnerability in restricted bash environment (CVE-2024-56477) affects Power HMC.

Summary The restricted bash environment is enabled in Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-56477 DESCRIPTION: IBM Hardware Management Console - Power could allow an authenticated user to traverse directories on the syste...

Linux Distros Unpatched Vulnerability : CVE-2022-25328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of...

Linux Distros Unpatched Vulnerability : CVE-2014-6271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute...

Linux Distros Unpatched Vulnerability : CVE-2012-6711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LCCTYPE environment variable, ar...

Linux Distros Unpatched Vulnerability : CVE-2019-18276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in disableprivmode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real...

Linux Distros Unpatched Vulnerability : CVE-2014-7169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows...

Linux Distros Unpatched Vulnerability : CVE-2014-7187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Off-by-one error in the readtokenword function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds...

Linux Distros Unpatched Vulnerability : CVE-2016-7543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVE-2016-7543 Note th...

Linux Distros Unpatched Vulnerability : CVE-2014-7186

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and...

Security update for grafana

This update for grafana fixes the following issues: grafana was updated from version 10.4.13 to 10.4.15: Security issues fixed: CVE-2024-45339: Fixed vulnerability when creating log files bsc1236559 CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration bsc1236734 CVE-2025-21613: Remove...

Security update for grafana

This update for grafana fixes the following issues: grafana was updated from version 10.4.13 to 10.4.15: Security issues fixed: CVE-2024-45339: Fixed vulnerability when creating log files bsc1236559 CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration bsc1236734 CVE-2025-21613: Remove...

Imperva Protects Against the Exploited CVEs in the Cleo Data Theft Attacks

The Clop ransomware group has once again demonstrated its ability to exploit vulnerabilities to compromise sensitive systems. As Cleo—a managed file transfer provider for businesses—grapples with the aftermath of Clop’s targeted attack on their systems, the spotlight turns to CVE-2024-50623 and...

CVE-2024-54681

Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application...

CVE-2024-54681 Ossur Mobile Logic Application Command Injection

Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application...

CVE-2024-54681 Ossur Mobile Logic Application Command Injection

Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application...

CVE-2024-54681

CVE-2024-54681 affects Ossur Mobile Logic Application. Connected sources confirm the root cause is the presence of multiple bash files in the application’s private directory, which an attacker with full access on the mobile platform can use to compromise translations. Public mentions (e.g., Red H...

CVE-2024-13502 A command injection in the NTC2218, NTC2250, NTC2299 modems' web interfaces allows to exeucte arbitrary shell commands.

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion.This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The commitmulticast pa...

CVE-2024-13502

CVE-2024-13502 affects Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM. The issue is an OS command injection caused by improper neutralization: the commit_multicast web interface page passes untrusted input to an eval in a bash script, enabling arbitrary shell commands (Local Code...

Ossur Mobile Logic Application 命令注入漏洞

Ossur Mobile Logic Application is an intelligent application for bionic prosthetics from Ossur. A command injection vulnerability exists in Ossur Mobile Logic Application versions prior to 1.5.5, which stems from the presence of multiple bash files in the application's private directory, which ca...

CVE-2022-3715 affecting package bash 4.4.23-1

CVE-2022-3715 affecting package bash 4.4.23-1. This CVE either no longer is or was never applicable...