Download
| Alert*
|
oval:org.secpod.oval:def:601787
Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment . With this update prefix and suffix for environment variable names which con ... oval:org.secpod.oval:def:23394 The host is installed with Apple Mac OS X or Server 10.8.5, 10.9.5 or before 10.10.2 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted content. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:1500809 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted envir ... oval:org.secpod.oval:def:52315 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:30961 The host is missing a security update according to Apple advisory, APPLE-SA-2015-09-30-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code, dis ... oval:org.secpod.oval:def:23401 The host is missing a security update according to Apple advisory, APPLE-SA-2015-01-27-4. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle crafted data. Successful exploitation allows attackers to execute arbitrary code or crash ... oval:org.secpod.oval:def:1500850 Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. oval:org.secpod.oval:def:702239 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:1500832 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and m ... |
