rpm package
opensuse/fish3&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/fish3&distro=openSUSE%20Leap%2015.1
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-2906 | — | < 3.0.0-lp151.2.1 | 3.0.0-lp151.2.1 | Jan 28, 2020 | The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name. | ||
| CVE-2014-3856 | — | < 3.0.0-lp151.2.1 | 3.0.0-lp151.2.1 | Jan 28, 2020 | The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name. | ||
| CVE-2014-2914 | — | < 3.0.0-lp151.2.1 | 3.0.0-lp151.2.1 | Jan 28, 2020 | fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. | ||
| CVE-2014-3219 | Hig | 7.8 | < 3.0.0-lp151.2.1 | 3.0.0-lp151.2.1 | Feb 9, 2018 | fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | |
| CVE-2014-2905 | — | < 3.0.0-lp151.2.1 | 3.0.0-lp151.2.1 | May 2, 2014 | fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions. |
- CVE-2014-2906Jan 28, 2020affected < 3.0.0-lp151.2.1fixed 3.0.0-lp151.2.1
The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name.
- CVE-2014-3856Jan 28, 2020affected < 3.0.0-lp151.2.1fixed 3.0.0-lp151.2.1
The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.
- CVE-2014-2914Jan 28, 2020affected < 3.0.0-lp151.2.1fixed 3.0.0-lp151.2.1
fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.
- affected < 3.0.0-lp151.2.1fixed 3.0.0-lp151.2.1
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
- CVE-2014-2905May 2, 2014affected < 3.0.0-lp151.2.1fixed 3.0.0-lp151.2.1
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.