Vulnerabilities > ZSH > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-05 | CVE-2018-13259 | Improper Input Validation vulnerability in multiple products An issue was discovered in zsh before 5.6. | 9.8 |
| 2018-09-05 | CVE-2018-0502 | Improper Input Validation vulnerability in multiple products An issue was discovered in zsh before 5.6. | 9.8 |
| 2018-02-27 | CVE-2018-7548 | NULL Pointer Dereference vulnerability in multiple products In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. | 9.8 |
| 2018-02-27 | CVE-2017-18206 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. | 9.8 |
| 2018-02-27 | CVE-2016-10714 | Numeric Errors vulnerability in multiple products In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. | 9.8 |
| 2018-02-27 | CVE-2014-10071 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. | 9.8 |