
43 matches found

NVD
added 2022/03/14 6:15 p.m. | 12 views

CVE-2022-21187

The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...

CVSS 9.8 | EPSS 0.0128
Exploits: 0 | References: 3

GitHub Security Blog
added 2020/09/04 5:31 p.m. | 27 views

Command Injection in meta-git

All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation: No fix is currently...

AI score 6.3
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2020/09/04 5:31 p.m. | 8 views

GHSA-QCFF-FFX3-M25C Command Injection in meta-git

All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation: No fix is currently...

AI score 8.1
Exploits: 0 | References: 2

Node.js
added 2020/01/17 9:33 p.m. | 14 views

Command Injection

Overview: All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation: No fix is...

AI score 7.9
Exploits: 0 | Affected Software: 1

UbuntuCve
added 2019/08/22 8:15 p.m. | 43 views

CVE-2019-13139

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git...

CVSS 8.4 | AI score 7.3 | EPSS 0.00538
Exploits: 1 | References: 3

OSV
added 2017/10/05 1:29 a.m. | 1 views

ALPINE-CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

CVSS 8.8 | AI score 6.8 | EPSS 0.70245
Exploits: 9 | References: 1

CVE
added 2017/10/04 1:0 a.m. | 301 views

CVE-2017-1000117

CVE-2017-1000117 is a command-injection vulnerability in Git caused by insufficient validation of ssh:// URL handling, enabling arbitrary code execution when a malicious URL is processed (e.g., via git clone --recurse-submodules or a crafted .gitmodules). The connected advisories confirm the issu...

CVSS 8.8 | AI score 7.9 | EPSS 0.70245
Exploits: 9 | References: 12 | Affected Software: 1

PyPA
added 2016/04/13 4:59 p.m. | 5 views

PYSEC-2016-29

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...

CVSS 8.8 | AI score 8 | EPSS 0.05192
Exploits: 0 | References: 12 | Affected Software: 1

OSV
added 2015/03/31 2:59 p.m. | 5 views

CVE-2014-9462

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

CVSS 7.5 | AI score 9.5 | EPSS 0.01129
Exploits: 1 | References: 7

OSV
added 2015/03/31 2:59 p.m. | 1 views

DEBIAN-CVE-2014-9462

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

CVSS 7.5 | AI score 9 | EPSS 0.01129
Exploits: 1 | References: 1

UbuntuCve
added 2015/03/31 2:59 p.m. | 29 views

CVE-2014-9462

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

CVSS 7.5 | AI score 7.2 | EPSS 0.01129
Exploits: 1 | References: 3

Prion
added 2015/03/31 2:59 p.m. | 24 views

Command injection

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

CVSS 7.5 | AI score 7.8 | EPSS 0.01129
Exploits: 1 | References: 7 | Affected Software: 2

PyPA
added 2015/03/31 2:59 p.m. | 4 views

PYSEC-2015-14

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

CVSS 7.5 | AI score 7.7 | EPSS 0.01129
Exploits: 1 | References: 7 | Affected Software: 1

Debian CVE
added 2015/03/31 2:0 p.m. | 26 views

CVE-2014-9462

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

CVSS 7.5 | AI score 9.2 | EPSS 0.01129
Exploits: 1

OpenVAS
added 2012/04/05 12:0 a.m. | 36 views

Ubuntu Update for linux-mvl-dove USN-1415-1

Ubuntu Update for Linux kernel vulnerabilities USN-1415-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14151.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for linux-mvl-dove USN-1415-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.n...

CVSS 4.9 | AI score 6 | EPSS 0.00045
Exploits: 1 | References: 2

OpenVAS
added 2012/04/05 12:0 a.m. | 22 views

Ubuntu Update for linux-mvl-dove USN-1415-1

Ubuntu Update for Linux kernel vulnerabilities USN-1415-1 SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5.5 | AI score 5.9 | EPSS 0.00045
Exploits: 1 | References: 2

Tenable Nessus
added 2012/04/04 12:0 a.m. | 34 views

Ubuntu 10.10 : linux-mvl-dove vulnerability (USN-1415-1)

Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Ubuntu Security Notice...

CVSS 5.5 | AI score 5.5 | EPSS 0.00045
Exploits: 1 | References: 1

OpenVAS
added 2012/03/29 12:0 a.m. | 24 views

Ubuntu Update for linux-ec2 USN-1410-1

Ubuntu Update for Linux kernel vulnerabilities USN-1410-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14101.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for linux-ec2 USN-1410-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net Th...

CVSS 4.9 | AI score 6 | EPSS 0.00045
Exploits: 1 | References: 2

OpenVAS
added 2012/03/29 12:0 a.m. | 30 views

Ubuntu Update for linux USN-1411-1

Ubuntu Update for Linux kernel vulnerabilities USN-1411-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14111.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for linux USN-1411-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS 4.9 | AI score 6 | EPSS 0.00045
Exploits: 1 | References: 2

OpenVAS
added 2012/03/29 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-1411-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 5.8 | EPSS 0.00045
Exploits: 1 | References: 2