Lucene search

Studio Onsite Security Vulnerabilities - CVSS Score 9 - 10

cve

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...

9.8CVSS

9.9AI Score

0.974EPSS

2014-09-24 06:48 PM

2419

In Wild

cve

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the F...

9.8CVSS

8.4AI Score

0.974EPSS

2014-09-25 01:55 AM

1078

In Wild

cve

CVE-2014-9846

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

9.8CVSS

7AI Score

0.014EPSS

2017-03-20 04:59 PM

cve

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8CVSS

8.7AI Score

0.008EPSS

2016-05-26 04:59 PM

272

cve

CVE-2016-5118

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

9.8CVSS

9.5AI Score

0.747EPSS

2016-06-10 03:59 PM

122