120 matches found
AZL-32081 CVE-2023-49284 affecting package fish for versions less than 3.6.2-1
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
Information disclosure
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
UBUNTU-CVE-2023-49284
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
CVE-2023-49284
CVE-2023-49284 affects the fish shell (macOS, Linux, and related platforms). The vulnerability arises from Unicode non-characters used internally for marking wildcards and expansions, which can be read in command substitution output instead of being safely transformed. This can cause unexpected b...
CVE-2023-49284 Command substitution output can trigger shell expansion in fish shell
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
CVE-2023-49284
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
CVE-2023-49284 Command substitution output can trigger shell expansion in fish shell
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
SUSE CVE-2017-5932
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...
Ian Dunn: Double evaluation in .bash_prompt of dotfiles allows a malicious repository to execute arbitrary commands
Summary Due to the improper usage of the PS1 environment variable in .bashprompt of dotfiles, a malicious repository can execute arbitrary commands when changed the current directory to it. Description The PS1 environment variable of bash supports command substitutions. For example, setting PS1 t...
Comtrend-AR-5310 - Restricted Shell Escape
Comtrend-AR-5310 - Restricted Shell Escape Exploit Title: Comtrend-AR-5310 - Restricted Shell Escape Date: 2019-07-20 Exploit Author: AMRI Amine Vendor Homepage: https://www.comtrend.com/ Version: GE31-412SSG-C01R10.A2pG039u.d24k Tested on: Linux busybox TL;DR: A local user can bypass the...
Comtrend-AR-5310 - Restricted Shell Escape Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Comtrend-AR-5310 - Restricted Shell Escape Date: 2019-07-20 Exploit Author: AMRI Amine Vendor Homepage: https://www.comtrend.com/ Version: GE31-412SSG-C01R10.A2pG039u.d24k Tested on: Linux busybox TL;DR: A local user can bypass...
Comtrend AR-5310 Restricted Shell Escape
Exploit Title: Comtrend-AR-5310 - Restricted Shell Escape Date: 2019-07-20 Exploit Author: AMRI Amine Vendor Homepage: https://www.comtrend.com/ Version: GE31-412SSG-C01R10.A2pG039u.d24k Tested on: Linux busybox TL;DR: A local user can bypass the restricted shell using the command substitution...
Comtrend-AR-5310 - Restricted Shell Escape
Exploit Title: Comtrend-AR-5310 - Restricted Shell Escape Date: 2019-07-20 Exploit Author: AMRI Amine Vendor Homepage: https://www.comtrend.com/ Version: GE31-412SSG-C01R10.A2pG039u.d24k Tested on: Linux busybox TL;DR: A local user can bypass the restricted shell using the command substitution...
openSUSE Security Update : zsh (openSUSE-2019-501)
This update for zsh to version 5.5 fixes the following issues : Security issues fixed : - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath that can lead to local arbitrary code execution bsc1089030 - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd bsc1084656 -...
openSUSE Security Update : zsh (openSUSE-2018-699)
This update for zsh to version 5.5 fixes the following issues : Security issues fixed : - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath that can lead to local arbitrary code execution bsc1089030 - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd bsc1084656 -...
Security update for zsh (moderate)
This update for zsh to version 5.5 fixes the following issues: Security issues fixed: - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath that can lead to local arbitrary code execution bsc1089030 - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd bsc1084656 -...
Authentication flaw
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...
DEBIAN-CVE-2017-5932
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...
CVE-2017-5932
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...
CVE-2017-5932
CVE-2017-5932 is a Bash local privilege escalation exploiting the path autocompletion feature. A crafted filename that begins with a double quote and includes a command substitution metacharacter can allow a local user to execute arbitrary code with elevated privileges. The vulnerability affects ...