CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0298
https://notcve.org/view.php?id=CVE-2016-0298
29 Jun 2016 — Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en IBM Security Guardium Database Activity Monitor 10 en versiones anteriores a 10.0p100 permite a usuarios remotos autenticados leer archivos arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21981749 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-5043
https://notcve.org/view.php?id=CVE-2015-5043
08 Nov 2015 — diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, 9.5, and 10.0 before p6015 allows local users to obtain root access via unspecified key sequences. diag en IBM Security Guardium 8.2 en versiones anteriores a p6015, 9.0 en versiones anteriores a p6015, 9.1, 9.5 y 10.0 en versiones anteriores a p6015 permiten a usuarios locales obtener acceso root a través de una secuencia de teclas no especificada. • http://www-01.ibm.com/support/docview.wss?uid=swg21968616 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 90%CPEs: 345EXPL: 20CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://www.exploit-db.com/exploits/34777 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 106CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://github.com/darrenmartyn/visualdoor • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •