Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bash vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-30623
`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string in...
Wip Project Wip
NA
CVE-2023-30621
Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions before 1.3 users can run command on the host machine with sudoer permission. The `!ping` command when provided with an IP or hostname used to run a bash `ping <IP>` wi...
Gipsy Project Gipsy
NA
CVE-2023-26067
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
Lexmark Cxtpc Firmware
Lexmark Cstpc Firmware
Lexmark Mxtct Firmware
Lexmark Mxtpm Firmware
Lexmark Cxtmm Firmware
Lexmark Mslsg Firmware
Lexmark Mxlsg Firmware
Lexmark Mslbd Firmware
Lexmark Mxlbd Firmware
Lexmark Msngm Firmware
Lexmark Mxngm Firmware
Lexmark Mxtgm Firmware
Lexmark Msngw Firmware
Lexmark Mstgw Firmware
Lexmark Mxtgw Firmware
Lexmark Cslbn Firmware
Lexmark Cslbl Firmware
Lexmark Cxlbn Firmware
Lexmark Cxlbl Firmware
Lexmark Csnzj Firmware
Lexmark Cxtzj Firmware
Lexmark Cxnzj Firmware
2 Github repositories
NA
CVE-2023-26068
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).
Lexmark Cxtpc Firmware
Lexmark Cstpc Firmware
Lexmark Mxtct Firmware
Lexmark Mxtpm Firmware
Lexmark Cxtmm Firmware
Lexmark Mslsg Firmware
Lexmark Mxlsg Firmware
Lexmark Mslbd Firmware
Lexmark Mxlbd Firmware
Lexmark Msngm Firmware
Lexmark Mxngm Firmware
Lexmark Mxtgm Firmware
Lexmark Msngw Firmware
Lexmark Mstgw Firmware
Lexmark Mxtgw Firmware
Lexmark Cslbn Firmware
Lexmark Cslbl Firmware
Lexmark Cxlbn Firmware
Lexmark Cxlbl Firmware
Lexmark Csnzj Firmware
Lexmark Cxtzj Firmware
Lexmark Cxnzj Firmware
NA
CVE-2022-3715
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
Gnu Bash
Redhat Enterprise Linux 9.0
2 Github repositories
NA
CVE-2022-44794
An issue exists in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote malicious user to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary d...
Objectfirst Object First
NA
CVE-2022-36064
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells `Bash` and `Dash`, or any not-officially-supported Unix shell; and/or using the `escape` or `escap...
Shescape Project Shescape
NA
CVE-2022-37122
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cg...
Carel Pcoweb Card Firmware
Carel Applica 2.154a
Carel Pcoweb Hvac Bacnet Gateway 2.1.0
Carel Applica 16 13020200
NA
CVE-2022-36633
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a u...
Goteleport Teleport
1 EDB exploit
940
VMScore
CVE-2022-20828
A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote malicious user to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the roo...
Cisco Asa Firepower
1 Metasploit module
1 Github repository
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »