Vulmon
zsh zsh vulnerabilities and exploits
5.1
CVSSv2
CVE-2021-3934
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command
Planetargon Oh My Zsh
4.6
CVSSv2
CVE-2014-10070
zsh prior to 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in priv...
Zsh Project Zsh
4.6
CVSSv2
CVE-2007-6209
Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Zsh Zsh 4.3.4
4.6
CVSSv2
CVE-2005-4158
Sudo prior to 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as librar...
Todd Miller Sudo 1.5.6
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.6.3 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.8 P1
Todd Miller Sudo 1.6.8 P5
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.7 P5
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.7
Todd Miller Sudo 1.6.8 P9
3 EDB exploits
4.6
CVSSv2
CVE-2002-1476
Buffer overflow in setlocale in libc on NetBSD 1.4.x up to and including 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local malicious users to execute arbitrary code via a user-controlled locale string that has more than 6 elements, whic...
Netbsd Netbsd 1.5
Netbsd Netbsd 1.5.1
Netbsd Netbsd 1.5.2
Netbsd Netbsd 1.5.3
Netbsd Netbsd 1.6
Netbsd Netbsd 1.4
1.9
CVSSv2
CVE-2022-24725
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other...
Shescape Project Shescape
NA
CVE-2024-27301
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang `#...
NA
CVE-2022-45063
xterm prior to 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
Invisible-island Xterm
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37