CVSS: 10.0EPSS: 89%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 135CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-3410
https://notcve.org/view.php?id=CVE-2012-3410
27 Aug 2012 — Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. Desbordamiento de búfer basado en pila en lib/sh/eaccess.c en GNU Bash anterior a v4.2 parche 33 podría permitir a usuarios locales eludir acceso intención shell restringido a través de un nombre de archivo largo en /dev/fd, que no se utilizan con cuidado cuando se ex... • ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2010-0002 – GNU Bash 4.0 - 'ls' Control Character Command Injection
https://notcve.org/view.php?id=CVE-2010-0002
14 Jan 2010 — The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename. La secuencia de comandos /etc/profile.d/60alias.sh en el paquete Mandriva bash para Bash v2.05b, v3.0, v3.2, v3.2.48, y v4.0 activa la opción --show-control-chars en LS_OPTIONS, lo que permite a usuarios locales enviar ... • https://www.exploit-db.com/exploits/33508 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-1999-0491 – GNU GNU bash 1.14 - Path Embedded Code Execution
https://notcve.org/view.php?id=CVE-1999-0491
20 Apr 1999 — The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. • https://www.exploit-db.com/exploits/19095 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-1999-1383
https://notcve.org/view.php?id=CVE-1999-1383
13 Sep 1996 — (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. • http://marc.info/?l=bugtraq&m=87602167419868&w=2 • CWE-264: Permissions, Privileges, and Access Controls •