bash vulnerabilities and exploits
10
CVSSv3
CVE-2024-3094
Malicious code exists in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific fun...
Tukaani Xz 5.6.1
Tukaani Xz 5.6.0
75 Github repositories
6 Articles
7.4
CVSSv3
CVE-2015-7393
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 up to and including 11.6.0 and 12.0.0 prior to 12.0.0 HF1, BIG-IP AAM 11.4.0 up to and including 11.6.0 and 12.0.0 prior to 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 up to and including 11.6.0 and 12.0.0 prior to 12...
F5 Big-iq Application Delivery Controller 4.5.0
F5 Big-ip Application Security Manager 11.4.0
F5 Big-ip Application Security Manager 11.2.1
F5 Big-ip Application Security Manager 11.2.0
F5 Big-ip Application Security Manager 11.6.0
F5 Big-ip Application Security Manager 12.0.0
F5 Big-ip Application Security Manager 11.5.1
F5 Big-ip Application Security Manager 11.4.1
F5 Big-ip Application Security Manager 11.3.0
F5 Big-iq Security 4.1.0
F5 Big-iq Security 4.3.0
F5 Big-iq Security 4.5.0
F5 Big-iq Security 4.0.0
F5 Big-iq Security 4.2.0
F5 Big-iq Security 4.4.0
F5 Big-ip Wan Optimization Manager 11.2.0
F5 Big-ip Wan Optimization Manager 11.2.1
F5 Big-ip Wan Optimization Manager 11.3.0
F5 Big-ip Global Traffic Manager 11.6.0
F5 Big-ip Global Traffic Manager 11.4.1
F5 Big-ip Global Traffic Manager 11.3.0
F5 Big-ip Global Traffic Manager 11.2.1
9.8
CVSSv3
CVE-2023-33294
An issue exists in KaiOS 3.0 prior to 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted...
Kaiostech Kaios 3.0
Kaiostech Kaios 3.1
9.8
CVSSv3
CVE-2023-26068
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).
Lexmark Cxtpc Firmware
Lexmark Cstpc Firmware
Lexmark Mxtct Firmware
Lexmark Mxtpm Firmware
Lexmark Cxtmm Firmware
Lexmark Mslsg Firmware
Lexmark Mxlsg Firmware
Lexmark Mslbd Firmware
Lexmark Mxlbd Firmware
Lexmark Msngm Firmware
Lexmark Mxngm Firmware
Lexmark Mxtgm Firmware
Lexmark Msngw Firmware
Lexmark Mstgw Firmware
Lexmark Mxtgw Firmware
Lexmark Cslbn Firmware
Lexmark Cslbl Firmware
Lexmark Cxlbn Firmware
Lexmark Cxlbl Firmware
Lexmark Csnzj Firmware
Lexmark Cxtzj Firmware
Lexmark Cxnzj Firmware
7.8
CVSSv3
CVE-2023-52438
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc->vma pointer isn't safe as it can race with munmap(). As ...
Linux Linux Kernel
NA
CVE-2024-26987
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled When I did hard offline test with hugetlb pages, below deadlock occurs: ====================================================== WARNING: pos...
9.8
CVSSv3
CVE-2022-1388
On F5 BIG-IP 16.1.x versions before 16.1.2.2, 15.1.x versions before 15.1.5.1, 14.1.x versions before 14.1.4.6, 13.1.x versions before 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reac...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
82 Github repositories
4 Articles
8.8
CVSSv3
CVE-2015-1877
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote malicious users to execute arbitrary commands via a crafted file.
Freedesktop Xdg-utils 1.1.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
8.8
CVSSv3
CVE-2023-30623
`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string in...
Wip Project Wip
9.8
CVSSv3
CVE-2017-6900
An issue exists in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Furt...
Riello-ups Netman 204 Firmware 15-2
Riello-ups Netman 204 Firmware 14-2