rpm package
opensuse/fish&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/fish&distro=openSUSE%20Tumbleweed
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-49284 | — | < 3.6.4-1.1 | 3.6.4-1.1 | Dec 4, 2023 | fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, ra | ||
| CVE-2014-2906 | — | < 2.4.0-1.1 | 2.4.0-1.1 | Jan 28, 2020 | The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name. | ||
| CVE-2014-3856 | — | < 2.4.0-1.1 | 2.4.0-1.1 | Jan 28, 2020 | The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name. | ||
| CVE-2014-2914 | — | < 2.4.0-1.1 | 2.4.0-1.1 | Jan 28, 2020 | fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. | ||
| CVE-2014-3219 | Hig | 7.8 | < 2.4.0-1.1 | 2.4.0-1.1 | Feb 9, 2018 | fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | |
| CVE-2014-2905 | — | < 2.4.0-1.1 | 2.4.0-1.1 | May 2, 2014 | fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions. |
- CVE-2023-49284Dec 4, 2023affected < 3.6.4-1.1fixed 3.6.4-1.1
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, ra
- CVE-2014-2906Jan 28, 2020affected < 2.4.0-1.1fixed 2.4.0-1.1
The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name.
- CVE-2014-3856Jan 28, 2020affected < 2.4.0-1.1fixed 2.4.0-1.1
The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.
- CVE-2014-2914Jan 28, 2020affected < 2.4.0-1.1fixed 2.4.0-1.1
fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.
- affected < 2.4.0-1.1fixed 2.4.0-1.1
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
- CVE-2014-2905May 2, 2014affected < 2.4.0-1.1fixed 2.4.0-1.1
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.