CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2010-0002 – GNU Bash 4.0 - 'ls' Control Character Command Injection
https://notcve.org/view.php?id=CVE-2010-0002
14 Jan 2010 — The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename. La secuencia de comandos /etc/profile.d/60alias.sh en el paquete Mandriva bash para Bash v2.05b, v3.0, v3.2, v3.2.48, y v4.0 activa la opción --show-control-chars en LS_OPTIONS, lo que permite a usuarios locales enviar ... • https://www.exploit-db.com/exploits/33508 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-1999-0491 – GNU GNU bash 1.14 - Path Embedded Code Execution
https://notcve.org/view.php?id=CVE-1999-0491
20 Apr 1999 — The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. • https://www.exploit-db.com/exploits/19095 • CWE-94: Improper Control of Generation of Code ('Code Injection') •