449 matches found
DEBIAN-CVE-2014-2906
The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...
CVE-2014-3856
The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...
DEBIAN-CVE-2014-3856
The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...
CVE-2014-2914
fish aka fish-shell 2.0.0 before 2.1.1 does not restrict access to the configuration service aka fishconfig, which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by setprompt...
CVE-2014-2906
The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...
CVE-2014-3856
The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...
CVE-2014-2914
fish aka fish-shell 2.0.0 before 2.1.1 does not restrict access to the configuration service aka fishconfig, which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by setprompt...
Design/Logic Flaw
The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...
Design/Logic Flaw
The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...
Code injection
fish aka fish-shell 2.0.0 before 2.1.1 does not restrict access to the configuration service aka fishconfig, which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by setprompt...
CVE-2014-2906
The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...
CVE-2014-3856
The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...
CVE-2014-2906
The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...
CVE-2014-2906
CVE-2014-2906 affects fish-shell (psub) up to version 2.1.1, where the temporary file creation is mishandled, allowing a local attacker to execute commands via a predictable temporary file name. Affected product is the fish-shell line, with the root cause described as improper temporary file hand...
CVE-2014-2906
The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...
CVE-2014-3856
The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...
CVE-2014-3856
The CVE-2014-3856 entry pertains to fish-shell (fish) 1.23.0 prior to 2.1.1, where temporary files are created improperly, allowing local privilege elevation via a predictable-named temporary file. The vulnerability is a local impact issue (high severity per CVSS v3.1 in the connected data) and i...
CVE-2014-3856
The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...
CVE-2014-2914
CVE-2014-2914 affects fish-shell up to version 2.0.0; versions before 2.1.1 do not restrict access to the configuration service (fish_config), enabling remote code execution via unspecified vectors (demonstrated by set_prompt). The NVD entry lists a CVSS‑3.1 base score of 9.8 (CRITICAL) and CVSS‑...
CVE-2014-2914
fish aka fish-shell 2.0.0 before 2.1.1 does not restrict access to the configuration service aka fishconfig, which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by setprompt...