Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zsh zsh vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-3769
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-...
Planetargon Oh My Zsh
7.5
CVSSv2
CVE-2021-3726
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in...
Planetargon Oh My Zsh
7.5
CVSSv2
CVE-2021-3727
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, ...
Planetargon Oh My Zsh
7.5
CVSSv2
CVE-2018-13259
An issue exists in zsh prior to 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Zsh Zsh
7.5
CVSSv2
CVE-2018-0502
An issue exists in zsh prior to 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Zsh Zsh
7.5
CVSSv2
CVE-2018-7548
In subst.c in zsh up to and including 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
Zsh Zsh
Canonical Ubuntu Linux 17.10
7.5
CVSSv2
CVE-2016-10714
In zsh prior to 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
Zsh Zsh
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
7.2
CVSSv2
CVE-2019-20044
In Zsh prior to 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid...
Zsh Zsh
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Apple Mac Os X
Apple Iphone Os
Apple Watchos
Apple Tvos
Apple Ipados
Apple Mac Os X 10.14.6
Apple Mac Os X 10.13.6
2 Github repositories
6.8
CVSSv2
CVE-2021-3725
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then...
Planetargon Oh My Zsh
5.1
CVSSv2
CVE-2021-45444
In zsh prior to 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
Zsh Zsh
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Apple Mac Os X
Apple Mac Os X 10.15.7
Apple Macos
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »