Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GnuBash*

10 matches found

CVE
CVEadded 2014/09/24 6:48 p.m.2728 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...

10CVSS9.9AI score0.9422EPSS
CVE
CVEadded 2014/09/25 1:55 a.m.1237 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the F...

10CVSS8.4AI score0.9422EPSS
CVE
CVEadded 2019/03/22 8:29 a.m.412 views

CVE-2019-9924

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

7.8CVSS7.8AI score0.002EPSS
CVE
CVEadded 2019/11/28 1:15 a.m.321 views

CVE-2019-18276

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems th...

7.8CVSS7.5AI score0.40022EPSS
CVE
CVEadded 2023/01/05 3:15 p.m.267 views

CVE-2022-3715

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

7.8CVSS7.4AI score0.00048EPSS
CVE
CVEadded 2019/06/18 6:15 p.m.217 views

CVE-2012-6711

A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may...

7.8CVSS7.6AI score0.00107EPSS
CVE
CVEadded 2017/01/23 9:59 p.m.211 views

CVE-2016-9401

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

5.5CVSS5.3AI score0.00011EPSS
CVE
CVEadded 2017/01/19 8:59 p.m.175 views

CVE-2016-7543

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

8.4CVSS7.1AI score0.00118EPSS
CVE
CVEadded 2000/06/02 4:0 a.m.42 views

CVE-1999-0491

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

4.6CVSS7.3AI score0.00298EPSS
CVE
CVEadded 2001/09/12 4:0 a.m.31 views

CVE-1999-1383

(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable.

4.6CVSS7.6AI score0.00061EPSS