Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bash vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-9804
In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with t...
Mozilla Firefox
7.8
CVSSv3
CVE-2019-9924
rbash in Bash prior to 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
Gnu Bash
Gnu Bash 4.4
Debian Debian Linux 8.0
Opensuse Leap 42.3
Netapp Hci Management Node -
Netapp Solidfire -
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
7.8
CVSSv3
CVE-2019-1596
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local malicious user to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of...
Cisco Nx-os
7.8
CVSSv3
CVE-2019-1593
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local malicious user to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vul...
Cisco Nx-os
7.5
CVSSv3
CVE-2019-9146
Jamf Self Service 10.9.0 allows man-in-the-middle malicious users to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream.
Jamf Self Service 10.9.0
9.8
CVSSv3
CVE-2018-2894
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Oracle Weblogic Server 12.2.1.2.0
Oracle Weblogic Server 12.2.1.3
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
8 Github repositories
1 Article
9.8
CVSSv3
CVE-2018-2943
Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via ...
Oracle Fusion Middleware Mapviewer 12.2.1.3.0
Oracle Fusion Middleware Mapviewer 12.2.1.2.0
1 Article
8.8
CVSSv3
CVE-2018-10895
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash...
Qutebrowser Qutebrowser
9.8
CVSSv3
CVE-2018-11228
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices prior to 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
Crestron Crestron Toolbox Protocol Firmware
2 Github repositories
7.5
CVSSv3
CVE-2017-16202
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
Cofeescript Project Cofeescript 0.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »