Fedora 36 : bash (2022-4ff296fe8e)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-4ff296fe8e advisory. Add a null check in parameter_brace_transform function. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 35 : bash (2022-5b644a935b)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-5b644a935b advisory. Add a null check in parameter_brace_transform function. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Amazon Linux 2022 : git (ALAS2022-2022-236)
The version of git installed on the remote host is prior to 2.37.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-236 advisory. - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on...
Exploit for Incorrect Default Permissions in Askey Rtf3505Vw-N1_Firmware
Privilege-escalation-ASKEY-Router-RTF3505VW-N1 CVE-2022-47040...
Amazon Linux 2 : util-linux (ALAS-2022-1878)
The version of util-linux installed on the remote host is prior to 2.30.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1878 advisory. A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability...
Medium: util-linux
Issue Overview: A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion. CVE-2018-7738...
Heap Buffer Overflow
bash is vulnerable to a heap buffer overflow. The vulnerability exists in the valid_parameter_transform function of subst.c, which allows an attacker to crash the system through potentially exploitable heap corruption via a malicious HTML page...
Ian Dunn: Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands
Summary: Due to the improper usage of the PS1 environment variable in .bash_prompt of dotfiles, a malicious repository can execute arbitrary commands when the current directory is changed to it. Description: The PS1 environment variable of bash supports command substitutions. For example, setting PS1 t...
OESA-2022-2100 bash security update
Bash is the GNU Project's shell. Bash is the Bourne Again SHell. Bash is an sh-compatible shell that incorporates useful features from the Korn shell ksh and C shell csh. It is intended to conform to the IEEE POSIX P1003.2/ISO 9945.2 Shell and Tools standard. It offers functional improvements ove...
Exploit for Improper Input Validation in Imagemagick
Container Escape Exploit This is a container escape exploit t...
Arbitrary Code Execution
apache-airflow is vulnerable to arbitrary code execution. The vulnerability exists in the example DAGs of example_bash_operator.py, which allows an attacker to execute arbitrary commands via the manually provided run_id parameter...
Code injection
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...
CVE-2022-44794
CVE-2022-44794 affects Object First Ootbi BETA, versions 1.0.7.712 through 1.0.13.1610. The root cause is an input validation flaw in the hostname-setting command within the management protocol, allowing a remote attacker with credentials to pass arbitrary data to Bash, enabling arbitrary code ex...
PT-2022-27314 · Unknown · Object First Ootbi Beta
Name of the Vulnerable Software and Affected Versions: Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610 Description: An issue was discovered in the management protocol, allowing a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname...
CVE-2022-44794
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...
Object First Security Vulnerability
Object First is a Veeam best-of-breed storage solution from Object First. A security vulnerability exists in Object First version 1.0.7.712, which stems from the command to set the hostname not validating the input parameters, resulting in arbitrary data that can be directed to the Bash...
Azure CLI Code Injection CVE-2022-39327 hits 9.8/10 CVSS score
The most recent Azure CLI Code Injection vulnerability is a rare and dangerous case. It’s not often that the most popular cloud platform client is vulnerable to such critical issues as code injection. Regardless of the overall high risk of injections per the OWASP Top 10 and OWASP API Security Top 10, code...
CVE-2022-3715
A flaw was found in the bash package, where a heap-buffer overflow can occur in validparametertransform. This issue may lead to memory problems...
Bash Buffer Error Vulnerability
Bash is an American shell command language interpreter written for the GNU Project and running on Unix-like operating systems by the individual developer Brian J. Fox. It is capable of reading and executing commands from standard input devices or files. A buffer error vulnerability exists in Bash...
PT-2022-5389 · Bash +6 · Bash +6
Name of the Vulnerable Software and Affected Versions: bash affected versions not specified Description: The issue is related to a heap-buffer overflow in the valid parameter transform function of the bash package, which can lead to memory problems. This can potentially allow a remote attacker to...