Every CVE whose affected-product data names Fishshell Fish, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2014-2914 — CVSS 9.8 (critical): fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote…
CVE-2014-3219 — CVSS 7.8 (high): fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER…
CVE-2022-20001 — CVSS 7.8 (high): fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can…
CVE-2014-3856 — CVSS 7.0 (high): The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain…
CVE-2014-2906 — CVSS 7.0 (high): The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to…
CVE-2014-2905 — CVSS 6.9 (medium): fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the…
CVE-2023-49284 — CVSS 3.9 (low): fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode…