Skip to main content
CVE-2014-6278 HIGH POC KEV PATCH THREAT Act Now

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Apache SSH
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
90.1%
Threat
7.5
CVE-2014-6051 HIGH PATCH This Week

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Enterprise Linux Server Aus Enterprise Linux Server Eus +4
NVD GitHub
CVSS 2.0
7.5
EPSS
6.6%
CVE-2012-5487 HIGH PATCH This Week

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Python Privilege Escalation Plone
NVD GitHub
CVSS 2.0
8.5
EPSS
0.7%
CVE-2012-5493 HIGH PATCH This Week

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Plone
NVD GitHub
CVSS 2.0
8.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy