934 matches found
mercurial -- multiple issues
Mercurial developers report: Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository. Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
CVE-2017-1000116
Mercurial prior to 4.3 is affected by CVE-2017-1000116 due to inadequate sanitization of SSH hostnames, enabling possible shell-injection via crafted ssh URLs. This is a network‑based, high‑impact issue (per CVSS), with references noting fixes in Mercurial 4.3.1/4.3.2 (see release notes in the re...
CVE-2017-1000116
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
TerraMaster TOS shell metacharacter injection vulnerability
TerraMaster TOS is a Linux-based operating system for storage servers, developed by TerraMaster. The system supports file sharing, cloud data synchronization, data backup and virtualization. A security vulnerability exists in the /usr/www/include/ajax/GetTest.php file in...
CVE-2017-9328
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root...
Updated mercurial package fixes security vulnerabilities
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...
MGASA-2017-0331 Updated mercurial package fixes security vulnerabilities
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...
openSUSE Security Update : git (openSUSE-2017-988)
This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed bsc1052481 This update was imported from the SUSE:SLE-12:Update update project...
openSUSE: Security Advisory for git (openSUSE-SU-2017:2331-1)
The remote host is missing an update for the...
Security update for git (important)
This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed bsc1052481 This update was imported from the SUSE:SLE-12:Update update project...
UBUNTU-CVE-2017-14100
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the...
Debian DLA-1072-1 : mercurial security update
Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115: Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository...
SUSE-SU-2017:2320-1 Security update for git
This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed bsc1052481...
[SECURITY] [DLA 1072-1] mercurial security update
Package: mercurial; Version: 2.2.2-4+deb7u5; CVE ID: CVE-2017-1000115, CVE-2017-1000116; Debian Bug: 871709, 871710. Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115...
MGASA-2017-0282 Updated mercurial packages fix security vulnerabilities
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...
Updated mercurial packages fix security vulnerabilities
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...
PT-2017-3011
Name of the Vulnerable Software and Affected Versions: Mercurial versions prior to 4.3; git-annex versions prior to 6.20170818. Description: The issue is related to inadequate sanitization of hostnames passed to ssh, leading to possible shell-injection attacks. This could allow a remote attacker to...
[ASA-201708-7] mercurial: multiple issues
Arch Linux Security Advisory ASA-201708-7. Severity: Critical; Date: 2017-08-12; CVE-ID: CVE-2017-1000115, CVE-2017-1000116; Package: mercurial; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-378. Summary: The package...