29 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-1000116
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell- injection attacks. CVE-2017-1000116 Note that Nessus reli...
Photon OS 1.0: Mercurial PHSA-2017-0038
An update of the mercurial package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0038. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
SUSE CVE-2017-1000116
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2017-1218)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1072-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...
Design/Logic Flaw
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...
Arbitrary Command Execution
Dulwich is vulnerable to arbitrary command execution. When using the SSH subprocess, an attacker can use an ssh URL with the - dash character in the hostname.This is related to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...
Debian DLA-1144-1 : git-annex security update
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. For Debian 7...
CVE-2017-1000116
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
Fedora Update for mercurial FEDORA-2017-fa1d8ad61a
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-1000116
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
CVE-2017-1000116
Mercurial prior to 4.3 is affected by CVE-2017-1000116 due to inadequate sanitization of SSH hostnames, enabling possible shell-injection via crafted ssh URLs. This is a network‑based, high‑impact issue (per CVSS), with references noting fixes in Mercurial 4.3.1/4.3.2 (see release notes in the re...
Fedora 25 : mercurial (2017-fa1d8ad61a)
Security fix for CVE-2017-1000115, CVE-2017-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
EulerOS 2.0 SP1 : mercurial (EulerOS-SA-2017-1217)
According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a serie...
EulerOS 2.0 SP2 : mercurial (EulerOS-SA-2017-1218)
According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a serie...
Debian DSA-3963-1 : mercurial - security update
Several issues were discovered in Mercurial, a distributed revision control system. - CVE-2017-9462 fixed in stretch only Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. - CVE-2017-1000115...
[SECURITY] [DSA 3963-1] mercurial security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3963-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 04, 2017 https://www.debian.org/security/faq -...
Debian DLA-1072-1 : mercurial security update
Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository...
CentOS 7 : mercurial (CESA-2017:2489)
An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...