Lucene search
K

29 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2017-1000116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell- injection attacks. CVE-2017-1000116 Note that Nessus reli...

10CVSS6.9AI score0.05734EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.23 views

Photon OS 1.0: Mercurial PHSA-2017-0038

An update of the mercurial package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0038. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

10CVSS7.7AI score0.05734EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.2 views

SUSE CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...

8.5CVSS9.5AI score0.05734EPSS
Exploits1References11
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.31 views

Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2017-1218)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.9AI score0.05734EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2018/02/06 12:0 a.m.86 views

Debian: Security Advisory (DLA-1072-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.1AI score0.05734EPSS
Exploits1References3
Prion
Prion
added 2017/12/07 6:29 p.m.41 views

Design/Logic Flaw

httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...

9.3CVSS8.6AI score0.77823EPSS
Exploits12References4Affected Software1
Prion
Prion
added 2017/11/27 10:29 a.m.38 views

Design/Logic Flaw

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...

9.3CVSS8.6AI score0.77823EPSS
Exploits12References7Affected Software3
Veracode
Veracode
added 2017/10/30 12:47 a.m.39 views

Arbitrary Command Execution

Dulwich is vulnerable to arbitrary command execution. When using the SSH subprocess, an attacker can use an ssh URL with the - dash character in the hostname.This is related to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...

9.8CVSS8.4AI score0.77823EPSS
Exploits12References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/10/30 12:0 a.m.51 views

Debian DLA-1144-1 : git-annex security update

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. For Debian 7...

10CVSS7.3AI score0.77823EPSS
Exploits12References3
UbuntuCve
UbuntuCve
added 2017/10/05 1:29 a.m.40 views

CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...

10CVSS6.8AI score0.05734EPSS
Exploits1References13
OpenVAS
OpenVAS
added 2017/10/05 12:0 a.m.73 views

Fedora Update for mercurial FEDORA-2017-fa1d8ad61a

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.9AI score0.05734EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/10/04 1:0 a.m.32 views

CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...

9.2AI score0.05734EPSS
Exploits1References5
CVE
CVE
added 2017/10/04 1:0 a.m.158 views

CVE-2017-1000116

Mercurial prior to 4.3 is affected by CVE-2017-1000116 due to inadequate sanitization of SSH hostnames, enabling possible shell-injection via crafted ssh URLs. This is a network‑based, high‑impact issue (per CVSS), with references noting fixes in Mercurial 4.3.1/4.3.2 (see release notes in the re...

10CVSS9AI score0.05734EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/09/29 12:0 a.m.32 views

Fedora 25 : mercurial (2017-fa1d8ad61a)

Security fix for CVE-2017-1000115, CVE-2017-1000116 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

10CVSS7AI score0.05734EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2017/09/11 12:0 a.m.44 views

EulerOS 2.0 SP1 : mercurial (EulerOS-SA-2017-1217)

According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a serie...

10CVSS7.2AI score0.05734EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2017/09/11 12:0 a.m.34 views

EulerOS 2.0 SP2 : mercurial (EulerOS-SA-2017-1218)

According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a serie...

10CVSS7.2AI score0.05734EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2017/09/05 12:0 a.m.45 views

Debian DSA-3963-1 : mercurial - security update

Several issues were discovered in Mercurial, a distributed revision control system. - CVE-2017-9462 fixed in stretch only Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. - CVE-2017-1000115...

10CVSS7.2AI score0.21512EPSS
Exploits2References12
Debian
Debian
added 2017/09/04 7:5 a.m.42 views

[SECURITY] [DSA 3963-1] mercurial security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3963-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 04, 2017 https://www.debian.org/security/faq -...

10CVSS9.6AI score0.21512EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2017/09/01 12:0 a.m.33 views

Debian DLA-1072-1 : mercurial security update

Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository...

10CVSS7.2AI score0.18892EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2017/09/01 12:0 a.m.34 views

CentOS 7 : mercurial (CESA-2017:2489)

An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

10CVSS7AI score0.05734EPSS
Exploits1References3
Rows per page
Query Builder