8 matches found
CentOS 9 : zsh-5.8-9.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the zsh-5.8-9.el9 build changelog. - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This...
Amazon Linux 2023 : zsh, zsh-html (ALAS2023-2023-035)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-035 advisory. A vulnerability was found in zsh in the parsecolorchar function of the prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by ...
Amazon Linux 2022 : zsh, zsh-html (ALAS2022-2022-117)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-117 advisory. A vulnerability was found in zsh in the parsecolorchar function of the prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by ...
EulerOS 2.0 SP3 : zsh (EulerOS-SA-2022-1778)
According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. Th...
EulerOS 2.0 SP8 : zsh (EulerOS-SA-2022-1594)
According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. Th...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Zsh vulnerabilities (USN-5325-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5325-1 advisory. Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped...
CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
FreeBSD : zsh -- Arbitrary command execution vulnerability (d923fb0c-8c2f-11ec-aa85-0800270512f4)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the d923fb0c-8c2f-11ec-aa85-0800270512f4 advisory. - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside t...