17 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-14176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the...
CVE-2017-14176 affecting package bzr 2.7.0-
CVE-2017-14176 affecting package bzr 2.7.0-. No patch is available currently...
RHEL 6 : bzr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - bzr: does not strip bzr+ssh SSH options CVE-2017-14176 Note that Nessus has not tested for this issue but has inste...
Ubuntu: Security Advisory (USN-3411-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1283)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1180)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : bzr (EulerOS-SA-2021-1180)
According to the version of the bzr package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash charact...
SUSE-SU-2018:1489-1 Security update for bzr
Bzr was updated to fix a security issue: - CVE-2017-14176: Avoid code execution using ssh:// url injection boo1058214...
Debian: Security Advisory (DLA-1107-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...
Debian DSA-4052-1 : bzr - security update
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attacker to run an arbitrary shell command. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packag...
[SECURITY] [DSA 4052-1] bzr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4052-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 29, 2017 https://www.debian.org/security/faq -...
CVE-2017-14176
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...
CVE-2017-14176
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...
CVE-2017-14176
CVE-2017-14176 affects Bazaar (bzr) 2.7.0 and earlier, via a vulnerability in subprocess SSH handling when using bzr+ssh URLs with an initial dash in the hostname. Connected data confirms the issue impacts the bzr 2.7.0- series; no patch is available currently. Exploitation details are not provid...
[SECURITY] [DLA 1107-1] bzr security update
Package : bzr Version : 2.6.0bzr6526-1+deb7u1 CVE ID : CVE-2013-2099 CVE-2017-14176 Debian Bug : 709068 874429 CVE-2013-2099 Bazaar bundles SSL certificate checking code from Python, which had a bug that could cause a denial of service via resource consumption through multiple wildcards in...
CVE-2017-14176
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...