High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-14	CVE-2021-45444	In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. local low complexity zsh fedoraproject debian apple	7.8
2020-02-24	CVE-2019-20044	Improper Check for Dropped Privileges vulnerability in multiple products In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. local low complexity zsh fedoraproject debian apple CWE-273	7.8
2018-04-11	CVE-2018-1100	zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. local low complexity zsh canonical redhat	7.8
2018-03-28	CVE-2018-1083	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. local low complexity zsh canonical debian redhat CWE-119	7.8
2018-02-27	CVE-2018-7549	Improper Input Validation vulnerability in multiple products In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. network low complexity zsh redhat canonical CWE-20	7.5