14 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-10070
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That...
RHEL 5 : zsh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - zsh: buffer overrun in symlinks CVE-2017-18206 - zsh before 5.0.7 allows evaluation of the initial values...
RHEL 7 : zsh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - zsh: privilege escalation via environment variables CVE-2014-10070 Note that Nessus has not tested for this issue b...
RHEL 6 : zsh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - zsh: Improper handling of shebang line longer than 64 CVE-2018-13259 - zsh before 5.0.7 allows evaluation...
SUSE SLES11 Security Update : zsh (SUSE-SU-2022:14910-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14910-1 advisory. - zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as...
SUSE: Security Advisory (SUSE-SU-2022:14910-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2018-1090)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2018-1091)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for zsh (openSUSE-SU-2018:1093-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : zsh (openSUSE-2018-399)
This update for zsh fixes the following issues : - CVE-2014-10070: environment variable injection could lead to local privilege escalation bnc1082885 - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. bnc1082977 - CVE-2014-10072: buffer overflow In utils.c when scanning...
Debian: Security Advisory (DLA-1304-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-10070
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...
CVE-2014-10070
Mode C: CVE-2014-10070 affects zsh prior to 5.0.7, where environment-imported initial values of integer variables may be evaluated instead of literals when zsh is invoked in privilege-elevation contexts with unsanitized env (e.g., sudo with env_reset disabled). This can enable local privilege esc...
CVE-2014-10070
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...