MiracleLinux 4 : zsh-4.3.11-11.AXS4 (AXSA:2020-4504:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4504:01 advisory. zsh: insecure dropping of privileges when unsetting PRIVILEGED option CVE-2019-20044 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : zsh-5.0.2-34.el7.2 (AXSA:2020-4510:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4510:02 advisory. zsh: insecure dropping of privileges when unsetting PRIVILEGED option CVE-2019-20044 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2019-20044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the...

TencentOS Server 3: zsh (TSSA-2022:0073)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0073 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

RHEL 5 : zsh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - zsh: buffer overrun in symlinks CVE-2017-18206 - In builtin.c in zsh before 5.4, when sh compatibility mo...

Rocky Linux 8 : zsh (RLSA-2020:0903)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:0903 advisory. - In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the...

K000134672: Zsh vulnerability CVE-2019-20044

Security Advisory Description In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that...

SUSE SLES11 Security Update : zsh (SUSE-SU-2022:14910-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14910-1 advisory. - zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as...

SUSE: Security Advisory (SUSE-SU-2022:14910-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5325-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5325-1: Zsh vulnerabilities

Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. CVE-2019-20044 It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-45...

USN-5325-1 zsh vulnerabilities

Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. CVE-2019-20044 It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-45...

SUSE SLES12 Security Update : zsh (SUSE-SU-2022:0733-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0733-1 advisory. - zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker...

openSUSE: Security Advisory for zsh (openSUSE-SU-2022:0735-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2022:0732-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : zsh (openSUSE-SU-2022:0735-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0735-1 advisory. - In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite...

Security update for zsh (important)

openSUSE Security Update: Security update for zsh Announcement ID: openSUSE-SU-2022:0735-1 Rating: important References: 1163882 1196435 Cross-References: CVE-2019-20044 CVE-2021-45444 CVSS scores: CVE-2019-20044 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-20044 SUSE: 7...

AlmaLinux 8 : zsh (ALSA-2020:0903)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:0903 advisory. - In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the...

NewStart CGSL CORE 5.05 / MAIN 5.05 : zsh Vulnerability (NS-SA-2020-0108)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has zsh packages installed that are affected by a vulnerability: - In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the...

NewStart CGSL CORE 5.04 / MAIN 5.04 : zsh Vulnerability (NS-SA-2020-0041)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has zsh packages installed that are affected by a vulnerability: - In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the...