VYPR

rpm package

suse/bash&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

pkg:rpm/suse/bash&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Vulnerabilities (6)

  • CVE-2012-6711Jun 18, 2019
    affected < 4.2-83.6.1fixed 4.2-83.6.1

    A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" bui

  • CVE-2019-9924Mar 22, 2019
    affected < 4.2-83.3.1fixed 4.2-83.3.1

    rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

  • CVE-2016-0634HigAug 28, 2017
    affected < 4.2-82.1fixed 4.2-82.1

    The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

  • CVE-2016-7543HigJan 19, 2017
    affected < 4.2-82.1fixed 4.2-82.1

    Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

  • CVE-2014-6278HigKEVSep 30, 2014
    affected < 4.2-82.1fixed 4.2-82.1

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH ssh

  • CVE-2014-6277Sep 27, 2014
    affected < 4.2-82.1fixed 4.2-82.1

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations)