Lucene search
K

11 matches found

vulnersOsv
vulnersOsv
added 2022/05/13 1:44 a.m.8 views

kyber-k8s (>=0.0.0 <=0.8.0rc2) potentially affected by CVE-2017-16228 via dulwich (=0.16.3)

dulwich PYPI version =0.16.3 is affected by a known vulnerability. The following packages have a transitive dependency on dulwich and may be impacted: - kyber-k8s =0.0.0, =0.8.0rc2 Source cves: CVE-2017-16228 Source advisory: OSV:GHSA-CWWH-4382-6FWR...

9.8CVSS7.2AI score0.03394EPSS
Exploits0
Mageia
Mageia
added 2018/11/11 9:39 p.m.41 views

Updated python-dulwich packages fix security vulnerability

Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname CVE-2017-16228...

9.8CVSS6.8AI score0.03394EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/08/07 12:0 a.m.23 views

openSUSE Security Update : python-dulwich (openSUSE-2018-801)

This update for python-dulwich to version 0.18.5 fixes this security issue : - CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname bsc1066430. For detailed changes please see...

9.8CVSS7.5AI score0.03394EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2018/08/06 3:16 p.m.96 views

Security update for python-dulwich (moderate)

This update for python-dulwich to version 0.18.5 fixes this security issue: - CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname bsc1066430. For detailed changes please see...

7.5CVSS3.5AI score0.03394EPSS
Exploits0References1
OSV
OSV
added 2018/07/24 7:20 a.m.3 views

SUSE-SU-2018:2047-1 Security update for python-dulwich

This update for python-dulwich to version 0.18.5 fixes this security issue: - CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname bsc1066430. For detailed changes please see...

9.8CVSS9.8AI score0.03394EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.30 views

Fedora 27 : python-dulwich (2017-5dd9b12179)

Update to 0.18.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

9.8CVSS7AI score0.03394EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/12/16 12:0 a.m.18 views

Fedora Update for python-dulwich FEDORA-2017-5dd9b12179

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.3AI score0.03394EPSS
Exploits0References2
Prion
Prion
added 2017/12/07 6:29 p.m.41 views

Design/Logic Flaw

httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...

9.3CVSS8.6AI score0.77823EPSS
Exploits12References4Affected Software1
Prion
Prion
added 2017/11/27 10:29 a.m.38 views

Design/Logic Flaw

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...

9.3CVSS8.6AI score0.77823EPSS
Exploits12References7Affected Software3
RedhatCVE
RedhatCVE
added 2017/11/03 2:19 p.m.39 views

CVE-2017-16228

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...

10CVSS7.3AI score0.77823EPSS
Exploits12References1
CVE
CVE
added 2017/10/29 8:0 p.m.192 views

CVE-2017-16228

Summary (CVE-2017-16228) : Dulwich up to version 0.18.5 is vulnerable when an SSH subprocess is used and an ssh URL with an initial dash in the hostname is processed, allowing remote command execution. The issue stems from inadequate validation of ssh URLs, enabling an attacker-controlled hostnam...

9.8CVSS9.2AI score0.03394EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder