1801 matches found
[SECURITY] [DSA 3984-1] git security update
Debian Security Advisory DSA-3984-1 [email protected] https://www.debian.org/security/ Florian Weimer September 26, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3984-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1104-1 : newsbeuter security update
It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure (the podcast file), allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is...
mysql: Incorrect input validation allowing code execution via mysqldump
It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...
[SECURITY] [DSA 3977-1] newsbeuter security update
Debian Security Advisory DSA-3977-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3977-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[ASA-201709-11] newsbeuter: arbitrary command execution
Arch Linux Security Advisory ASA-201709-11 | Severity: High | Date: 2017-09-16 | CVE-ID: CVE-2017-12904 CVE-2017-14500 | Package: newsbeuter | Type: arbitrary command execution | Remote: Yes | Link: https://security.archlinux.org/AVG-401 | Summary: The...
Amazon Linux AMI : mercurial (ALAS-2017-893)
A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a 'checkout' or 'update' action on a sub-repository...
Important: mercurial
Issue Overview: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a...
EulerOS 2.0 SP2 : mercurial (EulerOS-SA-2017-1218)
According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a serie...
EulerOS 2.0 SP1 : mercurial (EulerOS-SA-2017-1217)
According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a serie...
EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187)
According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially craft...
EulerOS 2.0 SP2 : subversion (EulerOS-SA-2017-1176)
According to the version of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A shell command injection flaw related to the handling of 'svn+ssh' URLs has been discovered in Subversion. An attacker could use this flaw to...
CVE-2017-14100
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The appminivm module has an "externnotify" program configuration option that is executed by the...
Command injection
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The appminivm module has an "externnotify" program configuration option that is executed by the...
emacs, mercurial security update
CentOS Errata and Security Advisory CESA-2017:2489 An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...
asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm
The Asterisk project reports: AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new...
CentOS 7 : git (CESA-2017:2484)
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...