National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): bash
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 66 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-17793

** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and "python $(rbash >&2)" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code.

Published: September 30, 2018; 03:29:00 PM -04:00
V3: 10.0 CRITICAL
V2: 10.0 HIGH
CVE-2018-10895

qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.

Published: July 12, 2018; 08:29:00 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-11228

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).

Published: June 07, 2018; 09:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2017-16206

The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

Published: June 06, 2018; 10:29:06 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-16205

The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

Published: June 06, 2018; 10:29:06 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-16204

The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

Published: June 06, 2018; 10:29:06 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-16203

The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

Published: June 06, 2018; 10:29:06 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-16202

The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

Published: June 06, 2018; 10:29:06 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2014-1226

The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.

Published: April 06, 2018; 01:29:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2013-6876

The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allow local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed.

Published: April 06, 2018; 01:29:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-17743

Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.

Published: March 22, 2018; 01:29:00 AM -04:00
V3: 6.7 MEDIUM
V2: 6.5 MEDIUM
CVE-2018-7739

antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation.

Published: March 06, 2018; 09:29:03 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

Published: March 06, 2018; 09:29:03 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2015-2981

The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: January 12, 2018; 12:29:00 PM -05:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-12340

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513.

Published: November 30, 2017; 04:29:00 AM -05:00
V3: 4.2 MEDIUM
V2: 4.6 MEDIUM
CVE-2017-1000083

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

Published: September 05, 2017; 02:29:00 AM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-0634

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

Published: August 28, 2017; 11:29:01 AM -04:00
V3: 7.5 HIGH
V2: 6.0 MEDIUM
CVE-2016-3704

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.

Published: June 13, 2017; 01:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-8799

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved via igetwild. Because igetwild is a Bash script, the part of the pathname following the semicolon would be executed in the user's shell.

Published: May 05, 2017; 02:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.

Published: March 27, 2017; 11:59:00 AM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM