Lucene search
K
GnuBash

6 matches found

CVE
CVE
added 2019/03/22 7:5 a.m.458 views

CVE-2019-9924

CVE-2019-9924 : Bash rbash prior to 4.4-beta2 could allow a shell user to modify BASH_CMDS and thereby execute arbitrary commands with the shell’s permissions. IBM CP4S advisory confirms affected product versions: Cloud Pak for Security (CP4S) 1.8.1.0, 1.8.0.0, and 1.7.2.0. Remediation is to upgr...

7.8CVSS7.8AI score0.00415EPSS
CVE
CVE
added 2019/11/28 12:27 a.m.367 views

CVE-2019-18276

CVE-2019-18276 affects GNU Bash up to 5.0 patch 11, where disable_priv_mode in shell.c incorrectly drops privileges when UID real != effective, leaving the saved UID intact. An attacker with shell command execution can use enable -f to load a new builtin (shared object) that calls setuid(), regai...

7.8CVSS7.5AI score0.02608EPSS
CVE
CVE
added 2023/01/05 12:0 a.m.300 views

CVE-2022-3715

CVE-2022-3715 affects Bash with a heap-based buffer overflow in valid_parameter_transform. The issue allows a local authenticated attacker to overflow a buffer and execute arbitrary code in the context of the current process. Multiple advisories reference Bash fixes/upgrades to mitigate this vuln...

7.8CVSS7.4AI score0.00356EPSS
CVE
CVE
added 2019/06/18 5:34 p.m.236 views

CVE-2012-6711

CVE-2012-6711 describes a heap-based buffer overflow in GNU Bash prior to 4.3. When wide characters not supported by the current LC_CTYPE locale are printed via the echo builtin, ansicstr() mishandles u32cconv() in lib/sh/strtrans.c, potentially allowing a local attacker to crash a script or exec...

7.8CVSS7.6AI score0.0051EPSS
CVE
CVE
added 2017/08/28 3:0 p.m.196 views

CVE-2016-0634

CVE-2016-0634 concerns Bash 4.3 where expansion of '\h' in the prompt string can trigger arbitrary code execution when a hostname contains shell metacharacters. The vulnerability is triggered by a remote attacker with authenticated access (e.g., via DHCP-influenced hostname) and can result in arb...

7.5CVSS6.8AI score0.06019EPSS
CVE
CVE
added 2017/03/27 3:0 p.m.116 views

CVE-2017-5932

CVE-2017-5932 is a Bash local privilege escalation exploiting the path autocompletion feature. A crafted filename that begins with a double quote and includes a command substitution metacharacter can allow a local user to execute arbitrary code with elevated privileges. The vulnerability affects ...

7.8CVSS6.3AI score0.00425EPSS