Количество 15
Количество 15
CVE-2014-6278
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
CVE-2014-6278
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
CVE-2014-6278
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
CVE-2014-6278
GNU Bash through 4.3 bash43-026 does not properly parse function defin ...
GHSA-6493-28fj-f93w
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
ELSA-2014-3094
ELSA-2014-3094: bash security update (IMPORTANT)
ELSA-2014-3093
ELSA-2014-3093: bash security update (IMPORTANT)
ELSA-2014-3092
ELSA-2014-3092: bash security update (IMPORTANT)
openSUSE-SU-2016:2961-1
Security update for bash
SUSE-SU-2016:2872-1
Security update for bash
BDU:2015-09818
Уязвимости операционной системы Альт Линукс СПТ, позволяющие удаленному злоумышленнику нарушить работоспособность устройства
BDU:2015-09794
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2014-00319
Уязвимость интерпретатора командной строки GNU Bash, позволяющая злоумышленнику вызвать отказ в обслуживании или выполнить произвольный код
SUSE-SU-2017:2699-1
Security update for SLES 12 Docker image
SUSE-SU-2017:2700-1
Security update for SLES 12-SP1 Docker image
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2014-6278 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | CVSS2: 10 | 89% Высокий | больше 10 лет назад |
 | CVE-2014-6278 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | CVSS2: 7.5 | 89% Высокий | больше 10 лет назад |
 | CVE-2014-6278 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | CVSS2: 10 | 89% Высокий | больше 10 лет назад |
| CVE-2014-6278 GNU Bash through 4.3 bash43-026 does not properly parse function defin ... | CVSS2: 10 | 89% Высокий | больше 10 лет назад |
| GHSA-6493-28fj-f93w GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | 89% Высокий | около 3 лет назад | |
| ELSA-2014-3094 ELSA-2014-3094: bash security update (IMPORTANT) | больше 10 лет назад | ||
| ELSA-2014-3093 ELSA-2014-3093: bash security update (IMPORTANT) | больше 10 лет назад | ||
| ELSA-2014-3092 ELSA-2014-3092: bash security update (IMPORTANT) | больше 10 лет назад | ||
 | openSUSE-SU-2016:2961-1 Security update for bash | больше 8 лет назад | ||
| SUSE-SU-2016:2872-1 Security update for bash | больше 8 лет назад | ||
 | BDU:2015-09818 Уязвимости операционной системы Альт Линукс СПТ, позволяющие удаленному злоумышленнику нарушить работоспособность устройства | CVSS2: 10 | около 10 лет назад | |
| BDU:2015-09794 Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации | CVSS2: 10 | больше 10 лет назад | |
| BDU:2014-00319 Уязвимость интерпретатора командной строки GNU Bash, позволяющая злоумышленнику вызвать отказ в обслуживании или выполнить произвольный код | CVSS2: 10 | больше 10 лет назад | |
| SUSE-SU-2017:2699-1 Security update for SLES 12 Docker image | больше 7 лет назад | ||
| SUSE-SU-2017:2700-1 Security update for SLES 12-SP1 Docker image | больше 7 лет назад |
Уязвимостей на страницу