bash vulnerabilities and exploits

7.2
HIGH
CVE-2019-3475

A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6....

4
MEDIUM
CVE-2019-3474

A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6....

NA
CVE-2019-34753

Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities....

7.5
HIGH
CVE-2019-8341

An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a U...

PocooJinja2
NA
CVE-2019-5376

Exploit for CVE-2019-5736 Usage: build image cd CVE-2019-5376 gcc run.c -o run -static docker build -t testpoc . run docker run -it --privileged --name testpoc_instance testpoc # open another terminal, and run docker exec docker exec -it testpoc_instance bash...

NA
CVE-2019-7304

Local privilege escalation via snapd socket...

9.3
HIGH
CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new conta...

10
HIGH
CVE-2017-7494

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it....

SambaSamba
NA
CVE-2019-6973

Sricam gSOAP is vulnerable to a denial of service, caused by improper validation of user-supplied request. By sending multiple incomplete requests, a remote attacker could exploit this vulnerability to cause a denial of service condition....

NA
CVE-2019-6116

It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and exec...

4.3
MEDIUM
CVE-2018-15440

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due ...