CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 8.8 High
Confidence: High
CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.009 Low
Percentile: 82.7%
Software: zsh 5.0.2
OS: Cobalt 7.9
CVE-ID: CVE-2014-10070
CVE-Crit: HIGH
CVE-DESC: zsh before 5.0.7 allows the initial values of integer variables imported from the environment to be evaluated (instead of treating them as literal numbers). This may allow local privilege escalation under some specific and atypical conditions when zsh is invoked in the context of privilege escalation when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where env_reset is disabled.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2016-10714
CVE-Crit: CRITICAL
CVE-DESC: In zsh prior to version 5.3, a single bug caused buffers intended to support PATH_MAX characters to be reduced in size.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2018-0502
CVE-Crit: CRITICAL
CVE-DESC: A problem was found in zsh before version 5.6. The beginning of a #! script file was mishandled, which could cause execve to be called for the program named in the second line.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2018-7548
CVE-Crit: CRITICAL
CVE-DESC: In subst.c in zsh before 5.4.2, a null pointer is dereferenced when using ${(PA)…} for an empty array result.
CVE-STATUS: default
CVE-REV: default