pkg:Debian/bash

22 total CVEs | CRITICAL 6 | HIGH 9 | MEDIUM 2

All known vulnerabilities

  • CRITICAL 9.8 | CVE-2014-7169 | ⚠ KEV | bash - security update
    from 0, < 4.2+dfsg-0.1+deb7u3
  • CRITICAL 9.8 | CVE-2014-7169 | ⚠ KEV | bash - security update
    from 0, < 4.3-9.2
  • CRITICAL 9.8 | CVE-2014-7169 | ⚠ KEV | bash - security update
    from 0, < 4.1-3+deb6u2
  • CRITICAL 9.8 | CVE-2014-6271 | ⚠ KEV | bash - security update
    from 0, < 4.2+dfsg-0.1+deb7u1
  • CRITICAL 9.8 | CVE-2014-6271 | ⚠ KEV | bash - security update
    from 0, < 4.1-3+deb6u1
  • CRITICAL 9.8 | CVE-2014-6271 | ⚠ KEV | bash - security update
    from 0, < 4.3-9.1
  • HIGH 8.8 | CVE-2014-6278 | ⚠ KEV | GNU Bash OS Command Injection Vulnerability
    from 0, < 4.3-9.2
  • HIGH 8.4 | CVE-2016-7543 | bash - security update
    from 0, < 4.2+dfsg-0.1+deb7u4
  • HIGH 8.4 | CVE-2016-7543 | bash - security update
    from 0, < 4.4-1
  • HIGH 7.8 | CVE-2022-3715 | A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform.
    from 0
  • HIGH 7.8 | CVE-2019-18276 | An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11.
    from 0, < 5.1~rc1-2
  • HIGH 7.8 | CVE-2012-6711 | A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE en…
    from 0, < 4.3-1
  • HIGH 7.8 | CVE-2019-9924 | rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with…
    from 0, < 4.4-1
  • HIGH 7.8 | CVE-2017-5932 | The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) c…
    from 0, < 4.4-3
  • HIGH 7.5 | CVE-2016-0634 | The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters…
    from 0, < 4.4-1
  • MEDIUM 5.5 | CVE-2016-9401 | bash - security update
    from 0, < 4.4-3
  • MEDIUM 5.5 | CVE-2016-9401 | bash - security update
    from 0, < 4.3-11+deb8u2
  • CVE-2014-7187 | Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of…
    from 0, < 4.3-9.2
  • CVE-2014-7186 | The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-b…
    from 0, < 4.3-9.2
  • CVE-2014-6277 | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote at…
    from 0, < 4.3-9.2
  • CVE-2012-3410 | Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell…
    from 0, < 4.2-4
  • CVE-2008-5374 | bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) al…
    from 0, < 4.0-2