fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
6.6CVSS
6.6AI Score
0.0004EPSS
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing.....
7.8CVSS
7.7AI Score
0.002EPSS
An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin...
7.5CVSS
7.2AI Score
0.002EPSS
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing...
4.3CVSS
4AI Score
0.001EPSS
fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by...
9.8CVSS
9.6AI Score
0.007EPSS
The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable...
7CVSS
8AI Score
0.0004EPSS
The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable...
7CVSS
7.8AI Score
0.0004EPSS
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4)...
7.8CVSS
8.2AI Score
0.0004EPSS
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user...
8.8AI Score
0.0004EPSS
Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long...
7.5AI Score
0.171EPSS