Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bash vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2019-18276
An issue exists in disable_priv_mode in shell.c in GNU Bash up to and including 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Lin...
Gnu Bash
Gnu Bash 5.0
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Oncommand Unified Manager
Oracle Communications Cloud Native Core Policy 1.14.0
3 Github repositories
7.8
CVSSv3
CVE-2012-6711
A heap-based buffer overflow exists in GNU Bash prior to 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo ...
Gnu Bash
Redhat Enterprise Linux 7.0
7.8
CVSSv3
CVE-2019-9924
rbash in Bash prior to 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Gnu Bash
Gnu Bash 4.4
Debian Debian Linux 8.0
Opensuse Leap 42.3
Netapp Hci Management Node -
Netapp Solidfire -
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
7.8
CVSSv3
CVE-2019-1596
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local malicious user to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of...
Cisco Nx-os
7.8
CVSSv3
CVE-2019-1593
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local malicious user to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vul...
Cisco Nx-os
7.8
CVSSv3
CVE-2013-6876
The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and previous versions allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and previous versions. NOTE: this vulnerability was fixed with commit ad732f0...
S3dvt Project S3dvt
7.8
CVSSv3
CVE-2014-1226
The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and previous versions. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.
S3dvt Project S3dvt
7.8
CVSSv3
CVE-2018-7738
In util-linux prior to 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount...
Kernel Util-linux
7.8
CVSSv3
CVE-2017-5932
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
Gnu Bash 4.4
7.5
CVSSv3
CVE-2022-36064
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells `Bash` and `Dash`, or any not-officially-supported Unix shell; and/or using the `escape` or `escap...
Shescape Project Shescape
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »