CVE-2019-14868

HIGH Year: 2019
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-77
View all →

Vulnerability Description

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

Related Vulnerabilities

CVE-2010-4345

HIGH
CVSS:7.8(High)

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary comma...

CWE-772010

CVE-2014-1834

HIGH
CVSS:7.8(High)

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.

CWE-772014

CVE-2014-4677

HIGH
CVSS:7.8(High)

The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters ...

CWE-772014

CVE-2014-5220

HIGH
CVSS:7.8(High)

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

CWE-772014

CVE-2014-9114

HIGH
CVSS:7.8(High)

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

CWE-772014

CVE-2015-2210

HIGH
CVSS:7.8(High)

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command she...

CWE-772015