Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fish fish vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-20001
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration ...
Fishshell Fish
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2021-33982
An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and previous versions, which allows a remote malicious user to reuse, spoof, or steal other user and admin sessions.
Myfwc Fish \\| Hunt Fl
4.3
CVSSv3
CVE-2021-33981
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and previous versions allows a remote authenticated malicious user to retrieve other people's personal information and images of th...
Myfwc Fish \\| Hunt Fl
3.3
CVSSv3
CVE-2020-12755
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras up to and including 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.
Kde Kio-extras
7
CVSSv3
CVE-2014-3856
The funced function in fish (aka fish-shell) 1.23.0 prior to 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.
Fishshell Fish
9.8
CVSSv3
CVE-2014-2914
fish (aka fish-shell) 2.0.0 prior to 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote malicious users to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.
Fishshell Fish
7
CVSSv3
CVE-2014-2906
The psub function in fish (aka fish-shell) 1.16.0 prior to 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name.
Fishshell Fish
7.8
CVSSv3
CVE-2014-3219
fish prior to 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
Fishshell Fish
Fedoraproject Fedora 19
NA
CVE-2014-2905
fish (aka fish-shell) 1.16.0 prior to 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.
Fishshell Fish 1.16.0
Fishshell Fish 2.0.0
NA
CVE-2013-7049
Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and previous versions, allows remote malicious users to cause a denial of service (crash) via a long string in a DH1080_INIT message.
Znc Znc-msvc
Znc Znc-msvc 0.076
Znc Znc-msvc 0.093
Znc Znc-msvc 0.094
Znc Znc-msvc 0.095
Znc Znc-msvc 0.077
Znc Znc-msvc 0.078
Znc Znc-msvc 0.097
Znc Znc-msvc 0.098
Znc Znc-msvc 0.079
Znc Znc-msvc 0.080
Znc Znc-msvc 0.202
Znc Znc-msvc 0.089
Znc Znc-msvc 0.090
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »