42 matches found

SUSE CVE
added 2023/02/15 5:29 a.m., 3 views

SUSE CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...

CVSS 4.9, AI score 7, EPSS 0.04751
Exploits 1, References 8
SUSE CVE
added 2023/02/15 4:9 a.m., 2 views

SUSE CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

CVSS 7, AI score 7.3, EPSS 0.01385
Exploits 0, References 4
RedHat Linux
added 2020/12/07 11:6 a.m., 5 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

CVSS 7.8, AI score 6, EPSS 0.01385
Exploits 0, References 4
RedHat Linux
added 2020/04/06 4:56 p.m., 5 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

CVSS 7.8, AI score 6, EPSS 0.01385
Exploits 0, References 4
OSV
added 2020/04/02 5:15 p.m., 3 views

DEBIAN-CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

CVSS 7.8, AI score 7.5, EPSS 0.01385
Exploits 0, References 1
RedhatCVE
added 2020/04/01 2:8 p.m., 23 views

CVE-2019-14868

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

CVSS 7.8, AI score 6.8, EPSS 0.01385
Exploits 0, References 3
RedHat Linux
added 2020/02/05 12:15 p.m., 5 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

CVSS 7.8, AI score 6, EPSS 0.01385
Exploits 0, References 4
Broadcom
added 2017/05/02 12:0 a.m., 19 views

BSA-2017-253

Security Advisory ID : BSA-2017-253 Component : OpenSSH Revision : 2.0: Interim sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard...

CVSS 5.8, AI score 5.5, EPSS 0.04751
Exploits 1
OpenVAS
added 2015/09/08 12:0 a.m., 31 views

Amazon Linux: Security Advisory (ALAS-2014-369)

The remote host is missing an update for the...

CVSS 6.5, AI score 5.9, EPSS 0.04751
Exploits 2, References 2
Tenable Nessus
added 2015/03/30 12:0 a.m., 34 views

Mandriva Linux Security Advisory : openssh (MDVSA-2015:095)

Updated openssh packages fix security vulnerabilities : sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character (CVE-2014-2532)...

CVSS 6.5, AI score 6.6, EPSS 0.04751
Exploits 2, References 4
RedHat Linux
added 2014/10/13 9:21 p.m., 6 views

openssh: AcceptEnv environment restriction bypass flaw

It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions...

CVSS 5.8, AI score 6.5, EPSS 0.04751
Exploits 1, References 4
Tenable Nessus
added 2014/10/12 12:0 a.m., 35 views

Amazon Linux AMI : openssh (ALAS-2014-369)

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. The verify_host_key function in sshconnect.c in the client in OpenSSH...

CVSS 6.5, AI score 6.5, EPSS 0.04751
Exploits 2, References 3
Tenable Nessus
added 2014/10/11 12:0 a.m., 140 views

Ubuntu 14.04 LTS : Bash vulnerabilities (USN-2380-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2380-1 advisory. Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable...

CVSS 10, AI score 7.8, EPSS 0.99621
Exploits 36, References 3
OpenVAS
added 2014/10/01 12:0 a.m., 44 views

Ubuntu: Security Advisory (USN-2364-1)

The remote host is missing an update for the...

CVSS 10, AI score 10, EPSS 0.64336
Exploits 14, References 2
OpenVAS
added 2014/10/01 12:0 a.m., 31 views

Ubuntu: Security Advisory (USN-2363-1)

The remote host is missing an update for the...

CVSS 10, AI score 9.5, EPSS 0.9994
Exploits 17, References 4
Tenable Nessus
added 2014/09/29 12:0 a.m., 52 views

Ubuntu 14.04 LTS : Bash vulnerabilities (USN-2364-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2364-1 advisory. Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain...

CVSS 10, AI score 7.8, EPSS 0.64336
Exploits 14, References 3
OSV
added 2014/09/27 9:5 a.m., 3 views

USN-2364-1 bash vulnerabilities

Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-7186, CVE-2014-7187) In addition, this update introduces a hardening measure which add...

CVSS 10, AI score 7, EPSS 0.64336
Exploits 14, References 3
OSV
added 2014/09/26 2:13 a.m., 3 views

USN-2363-2 bash vulnerability

USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that the security fix for...

CVSS 10, AI score 7.4, EPSS 0.9994
Exploits 17, References 2
Ubuntu
added 2014/09/26 2:13 a.m., 115 views

USN-2363-2: Bash vulnerability

USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that the security fix for...

CVSS 10, AI score 8.5, EPSS 0.9994
Exploits 17
Tenable Nessus
added 2014/09/26 12:0 a.m., 47 views

Ubuntu 14.04 LTS : Bash vulnerability (USN-2363-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2363-2 advisory. USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This upda...

CVSS 10, AI score 8.5, EPSS 0.9994
Exploits 17, References 2