Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zsh zsh vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2014-10070
zsh prior to 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in priv...
Zsh Project Zsh
NA
CVE-2007-6209
Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Zsh Zsh 4.3.4
9.8
CVSSv3
CVE-2018-7548
In subst.c in zsh up to and including 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
Zsh Zsh
Canonical Ubuntu Linux 17.10
9.8
CVSSv3
CVE-2018-0502
An issue exists in zsh prior to 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Zsh Zsh
9.8
CVSSv3
CVE-2018-13259
An issue exists in zsh prior to 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Zsh Zsh
9.8
CVSSv3
CVE-2016-10714
In zsh prior to 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
Zsh Zsh
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
9.8
CVSSv3
CVE-2021-3727
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, ...
Planetargon Oh My Zsh
8.8
CVSSv3
CVE-2021-3725
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then...
Planetargon Oh My Zsh
9.8
CVSSv3
CVE-2021-3726
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in...
Planetargon Oh My Zsh
7.5
CVSSv3
CVE-2021-3934
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command
Planetargon Oh My Zsh
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »