Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3593-1
HistoryMar 08, 2018 - 12:00 a.m.

Zsh vulnerabilities

2018-03-0800:00:00
ubuntu.com
31

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.4%

JSON

Releases

  • Ubuntu 17.10
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • zsh - shell with lots of features

Details

It was discovered that Zsh incorrectly handled certain enviroment variables.
An attacker could possibly use this issue to gain privileged access to the
system. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070)

It was discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this to execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS. (CVE-2014-10071)

It was discovered that Zsh incorrectly handled some symbolic links.
An attacker could possibly use this to execute arbitrary code. This issue
only affected Ubuntu 14.04 LTS. (CVE-2014-10072)

It was discovered that Zsh incorrectly handled certain errors. An attacker
could possibly use this issue to cause a denial of service. (CVE-2016-10714)

It was discovered that Zsh incorrectly handled certain commands. An attacker
could possibly use this to execute arbitrary code. (CVE-2017-18205)

It was discovered that Zsh incorrectly handled certain symlinks. An attacker
could possibly use this to execute arbitrary code. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-18206)

It was discovered that Zsh incorrectly handled certain inputs. An attacker could
possible use to execute arbitrary code. This issue only affected Ubuntu 17.10.
(CVE-2018-7548)

It was discovered that Zsh incorrectly handled certain inputs. An attacker
could possibly use this to cause a denial of service. (CVE-2018-7549)

OSVersionArchitecturePackageVersionFilename
Ubuntu17.10noarchzsh< 5.2-5ubuntu1.1UNKNOWN
Ubuntu17.10noarchzsh-common< 5.2-5ubuntu1.1UNKNOWN
Ubuntu17.10noarchzsh-dbgsym< 5.2-5ubuntu1.1UNKNOWN
Ubuntu17.10noarchzsh-dev< 5.2-5ubuntu1.1UNKNOWN
Ubuntu17.10noarchzsh-doc< 5.2-5ubuntu1.1UNKNOWN
Ubuntu17.10noarchzsh-static< 5.2-5ubuntu1.1UNKNOWN
Ubuntu17.10noarchzsh-static-dbgsym< 5.2-5ubuntu1.1UNKNOWN
Ubuntu16.04noarchzsh< 5.1.1-1ubuntu2.1UNKNOWN
Ubuntu16.04noarchzsh-common< 5.1.1-1ubuntu2.1UNKNOWN
Ubuntu16.04noarchzsh-dbg< 5.1.1-1ubuntu2.1UNKNOWN
Rows per page:
1-10 of 211

Related

nessus 34
openvas 19
osv 6
debian 2
suse 2
fedora 5
mageia 1
amazon 2
oraclelinux 2
centos 2
redhat 2
rosalinux 1
slackware 1
gentoo 1
archlinux 1
prion 8
cve 8
redhatcve 6
debiancve 8
ubuntucve 8
veracode 2
photon 8
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : Zsh vulnerabilities (USN-3593-1)
2018-03-09 00:00:00
Debian DLA-1304-1 : zsh security update
2018-03-12 00:00:00
EulerOS 2.0 SP1 : zsh (EulerOS-SA-2018-1090)
2018-05-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3593-1)
2018-10-26 00:00:00
Debian: Security Advisory (DLA-1304-1)
2018-03-26 00:00:00
Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2018-1091)
2020-01-23 00:00:00
osv
osv
zsh - security update
2018-03-09 00:00:00
CVE-2016-10714
2018-02-27 22:29:00
CVE-2017-18206
2018-02-27 22:29:00
debian
debian
[SECURITY] [DLA 1304-1] zsh security update
2018-03-09 17:01:41
[SECURITY] [DLA 2470-1] zsh security update
2020-12-01 03:35:30
suse
suse
Security update for zsh (important)
2018-04-25 18:07:15
Security update for zsh (important)
2018-04-27 00:07:15
fedora
fedora
[SECURITY] Fedora 26 Update: zsh-5.3.1-7.fc26
2018-03-20 17:37:50
[SECURITY] Fedora 28 Update: zsh-5.4.2-7.fc28
2018-03-30 13:27:49
[SECURITY] Fedora 27 Update: zsh-5.4.1-2.fc27
2018-03-13 23:26:03
mageia
mageia
Updated zsh packages fix security vulnerabilities
2018-03-14 19:21:20
amazon
amazon
Low: zsh
2018-04-05 16:13:00
Medium: zsh
2018-12-06 00:20:00
oraclelinux
oraclelinux
zsh security and bug fix update
2018-11-05 00:00:00
zsh security update
2018-06-25 00:00:00
centos
centos
zsh security update
2018-11-15 18:54:22
zsh security update
2018-06-21 11:56:17
redhat
redhat
(RHSA-2018:3073) Moderate: zsh security and bug fix update
2018-10-30 04:16:11
(RHSA-2018:1932) Moderate: zsh security update
2018-06-19 02:12:48
rosalinux
rosalinux
Advisory ROSA-SA-2021-2005
2021-07-02 18:22:15
slackware
slackware
[slackware-security] zsh
2019-01-14 04:33:07
gentoo
gentoo
Zsh: Multiple vulnerabilities
2018-05-26 00:00:00
archlinux
archlinux
[ASA-201804-7] zsh: denial of service
2018-04-19 00:00:00
prion
prion
Input validation
2018-02-27 22:29:00
Null pointer dereference
2018-02-27 22:29:00
Code injection
2018-02-27 22:29:00
cve
cve
CVE-2014-10070
2018-02-27 22:29:00
CVE-2016-10714
2018-02-27 22:29:00
CVE-2017-18205
2018-02-27 22:29:00
redhatcve
redhatcve
CVE-2014-10070
2018-03-02 06:49:25
CVE-2016-10714
2018-03-05 22:48:53
CVE-2017-18205
2018-03-02 06:48:52
debiancve
debiancve
CVE-2014-10071
2018-02-27 22:29:00
CVE-2014-10070
2018-02-27 22:29:00
CVE-2017-18205
2018-02-27 22:29:00
ubuntucve
ubuntucve
CVE-2014-10071
2018-02-27 00:00:00
CVE-2016-10714
2018-02-27 00:00:00
CVE-2017-18205
2018-02-27 00:00:00
veracode
veracode
Privilege Escalation
2019-05-16 03:01:47
Denial Of Service (DoS)
2019-01-15 09:24:27
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0028
2018-03-21 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0222
2020-03-27 00:00:00
Critical Photon OS Security Update - PHSA-2018-0028
2018-03-24 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.4%

JSON
Related for USN-3593-1
nessus34openvas19osv6debian2suse2fedora5mageia1amazon2oraclelinux2centos2redhat2rosalinux1slackware1gentoo1archlinux1prion8cve8redhatcve6debiancve8ubuntucve8veracode2photon8