Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bash vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-2104
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
Secheron Sepcos Control And Protection Relay Firmware
7.2
CVSSv3
CVE-2019-16103
Silver Peak EdgeConnect SD-WAN prior to 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.
Silver-peak Unity Edgeconnect Sd-wan Firmware 8.1.4.9 65644
8.8
CVSSv3
CVE-2021-42165
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".
Mitrastar Gpt-2541gnac-n1 Firmware Br G3.5 100vnz0b33
1 Github repository
9.8
CVSSv3
CVE-2019-10095
bash command injection vulnerability in Apache Zeppelin allows an malicious user to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Apache Zeppelin
9.8
CVSSv3
CVE-2023-31446
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.
Cassianetworks Xc1000 Firmware 2.1.1.2303082218
Cassianetworks Xc2000 Firmware 2.1.1.2303090947
1 Github repository
9.8
CVSSv3
CVE-2023-34111
The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash co...
Tdengine Grafana
9.8
CVSSv3
CVE-2018-11228
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices prior to 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
Crestron Crestron Toolbox Protocol Firmware
2 Github repositories
8.8
CVSSv3
CVE-2021-37158
An issue exists in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command.
Opengamepanel Opengamepanel
7.5
CVSSv3
CVE-2019-9146
Jamf Self Service 10.9.0 allows man-in-the-middle malicious users to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream.
Jamf Self Service 10.9.0
8.1
CVSSv3
CVE-2009-4011
dtc-xen 0.5.x prior to 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console.
Dtc-xen Project Dtc-xen
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »