Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.3 views

SUSE CVE-2017-14176

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...

4.8CVSS8.4AI score0.05978EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:36 a.m.4 views

SUSE CVE-2017-17459

httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...

7.5CVSS8.5AI score0.02805EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:43 a.m.17 views

Bazaar allows remote attackers to execute arbitrary commands via a bzr+ssh URL with initial dash character in hostname

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...

9.3CVSS7.1AI score0.05978EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2017/12/21 6:29 a.m.5 views

UBUNTU-CVE-2017-17831

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository...

8.8CVSS7.6AI score0.03677EPSS
Exploits1References5
OSV
OSV
added 2017/12/07 6:29 p.m.0 views

DEBIAN-CVE-2017-17459

httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...

8.8CVSS8.4AI score0.02805EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/31 12:0 a.m.3 views

Dulwich Arbitrary Command Execution Vulnerability

Dulwich is a Python implementation of the file format and protocols of the Git version control system developed by software developer Jelmer Vernooij. A security vulnerability exists in versions of Dulwich prior to 0.18.5. The vulnerability can be exploited by a remote attacker to execute arbitra...

9.8CVSS7.6AI score0.03394EPSS
Exploits0References1
PyPA
PyPA
added 2017/10/29 8:29 p.m.5 views

PYSEC-2017-12

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...

9.8CVSS7.8AI score0.03394EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2017/08/21 12:0 a.m.1 views

git-annex Arbitrary Command Execution Vulnerability

git-annex is a distributed file synchronization system. A security vulnerability exists in git-annex versions prior to 6.20170818. A remote attacker can use an ssh URL with an initial dash in the hostname to execute arbitrary commands...

8.8CVSS9.4AI score0.0267EPSS
Exploits0References1
Rows per page
Query Builder