- Home
- CVEs with nessus.description==The remote VMware ESX host is affected by multiple vulnerabilities
in the Bash shell :
- A command injection vulnerability exists in GNU Bash
known as Shellshock. The vulnerability is due to the
processing of trailing strings after function
definitions in the values of environment variables. This
allows a remote attacker to execute arbitrary code via
environment variable manipulation depending on the
configuration of the system. (CVE-2014-6271,
CVE-2014-7169, CVE-2014-6277, CVE-2014-6278)
- A out-of-bounds read error exists in the redirection
implementation in file parse.y when evaluating
untrusted input during stacked redirects handling. A
remote attacker can exploit this to cause a denial of
service or possibly have other unspecified impact.
(CVE-2014-7186)
- An off-by-one overflow condition exists in the
read_token_word() function in file parse.y when handling
deeply nested flow control structures. A remote attacker
can exploit this, by using deeply nested for-loops, to
cause a denial of service or possibly execute arbitrary
code. (CVE-2014-7187)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top