VUMETRIC
CYBER PORTAL
Vulnerabilities
> ZSH
DATE
CVE
VULNERABILITY TITLE
RISK
2022-02-14
CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument.
local
low complexity
zsh
fedoraproject
debian
apple
7.8
7.8
2020-02-24
CVE-2019-20044
Improper Check for Dropped Privileges vulnerability in multiple products
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option.
local
low complexity
zsh
fedoraproject
debian
apple
CWE-273
7.8
7.8
2018-09-05
CVE-2018-13259
Improper Input Validation vulnerability in multiple products
An issue was discovered in zsh before 5.6.
network
low complexity
canonical
zsh
CWE-20
critical
9.8
9.8
2018-09-05
CVE-2018-0502
Improper Input Validation vulnerability in multiple products
An issue was discovered in zsh before 5.6.
network
low complexity
canonical
zsh
CWE-20
critical
9.8
9.8
2018-04-11
CVE-2018-1100
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function.
local
low complexity
zsh
canonical
redhat
7.8
7.8
2018-03-28
CVE-2018-1083
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality.
local
low complexity
zsh
canonical
debian
redhat
CWE-119
7.8
7.8
2018-03-09
CVE-2018-1071
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function.
local
low complexity
zsh
debian
canonical
redhat
5.5
5.5
2018-02-27
CVE-2018-7549
Improper Input Validation vulnerability in multiple products
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
network
low complexity
zsh
redhat
canonical
CWE-20
7.5
7.5
2018-02-27
CVE-2018-7548
NULL Pointer Dereference vulnerability in multiple products
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
network
low complexity
zsh
canonical
CWE-476
critical
9.8
9.8
2018-02-27
CVE-2017-18206
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
network
low complexity
zsh
canonical
CWE-119
critical
9.8
9.8