CVSS: 10.0EPSS: 90%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 134CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 58EXPL: 0CVE-2014-4811
https://notcve.org/view.php?id=CVE-2014-4811
12 Sep 2014 — IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address. IBM Storwize 3500, 3700, 5000, y dispositivos 7000 y SAN Volume Controller 6.x y 7.x anterior a 7.2.0.8 permiten a atacantes remotos restablecer la contraseña del superusuario administrador a su valor por defecto a través de una solicitud directa hacia la dirección ... • http://secunia.com/advisories/61075 • CWE-255: Credentials Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 143EXPL: 0CVE-2014-0880
https://notcve.org/view.php?id=CVE-2014-0880
29 Mar 2014 — IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address. IBM SAN Volume Controller; Storwize V3500, V3700, V5000 y V7000; y Flex System V7000 con software 6.3 y 6.4 anterior a 6.4.1.8 y 7.1 y 7.2 anterior a 7.2.0.3, permite a atacantes remotos obtener acceso... • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2012-6354
https://notcve.org/view.php?id=CVE-2012-6354
19 Feb 2013 — The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets. La interfaz de gestión en el controlador de volumen SAN IBM Storwize V7000 v6.x antes de v6.4.1.3 permite a atacantes remotos evitar la autenticación y obtener acceso de superusuario a través de paquetes IP. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004277 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 1CVE-2012-2171 – IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2171
22 Jun 2012 — SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI. Vulnerabilidad de inyección SQL en ModuleServlet.do en Storage Manager Profiler in IBM System Storage DS Storage Manager antes de v10.83.xx.18 de dispositivos de la Serie DS, permite a usu... • https://www.exploit-db.com/exploits/19321 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 2CVE-2012-2172 – IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2172
22 Jun 2012 — Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en SoftwareRegistration.do en Storage Manager Profiler en IBM System Storage DS Storage Manager antes de v10.83.xx.18 en dispositivos de la Serie DS, permite a... • https://www.exploit-db.com/exploits/19321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 17EXPL: 0CVE-2004-1663
https://notcve.org/view.php?id=CVE-2004-1663
04 Sep 2004 — Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. • http://marc.info/?l=bugtraq&m=109435831811484&w=2 •