906 matches found
MGASA-2017-0331 Updated mercurial package fixes security vulnerabilities
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...
openSUSE Security Update : git (openSUSE-2017-988)
This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc1052481). This update was imported from the SUSE:SLE-12:Update update project.
openSUSE: Security Advisory for git (openSUSE-SU-2017:2331-1)
The remote host is missing an update for the ...
Security update for git (important)
This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc1052481). This update was imported from the SUSE:SLE-12:Update update project...
UBUNTU-CVE-2017-14100
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the...
Debian DLA-1072-1 : mercurial security update
Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository...
SUSE-SU-2017:2320-1 Security update for git
This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc1052481)...
[SECURITY] [DLA 1072-1] mercurial security update
Package : mercurial Version : 2.2.2-4+deb7u5 CVE ID : CVE-2017-1000115 CVE-2017-1000116 Debian Bug : 871709 871710 Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115...
Updated mercurial packages fix security vulnerabilities
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...
MGASA-2017-0282 Updated mercurial packages fix security vulnerabilities
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...
PT-2017-3011
Name of the Vulnerable Software and Affected Versions Mercurial versions prior to 4.3 git-annex versions prior to 6.20170818 Description The issue is related to inadequate sanitization of hostnames passed to ssh, leading to possible shell-injection attacks. This could allow a remote attacker to...
[ASA-201708-7] mercurial: multiple issues
Arch Linux Security Advisory ASA-201708-7 ========================================= Severity: Critical Date : 2017-08-12 CVE-ID : CVE-2017-1000115 CVE-2017-1000116 Package : mercurial Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-378 Summary ======= The package...
Mercurial -- multiple vulnerabilities
Mercurial Release Notes: CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository. CVE-2017-1000116 Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a...
CVE-2017-1000009
Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...
CVE-2017-1000009
Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...
Design/Logic Flaw
Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...
OS Command Injection
Akeneo PIM is vulnerable to shell injection in the mass edition, resulting in remote code execution...
CVE-2017-1000009
Akeneo PIM CE and EE are affected by a shell injection vulnerability in the mass edition feature for versions < 1.6.6, < 1.5.15, and
CVE-2017-1000009
Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...
FreeBSD : smarty3 -- shell injection in math (6e4e35c3-5fd1-11e7-9def-b499baebfeaf)
The smarty project reports: bugfix math shell injection vulnerability...