37 matches found
EUVD-2017-4494
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-9800
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrar...
RHEL 5 : subversion (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: Command injection through clients via malicious svn+ssh URLs CVE-2017-9800 - The...
Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2017-1176)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM QRadar Network Security is affected by vulnerability in subversion (CVE-2017-9800)
Summary IBM QRadar Network Security has addressed vulnerability in subversion. Vulnerability Details CVEID: CVE-2017-9800 DESCRIPTION: Apache Subversion could allow a remote attacker to execute arbitrary commands on the system, caused by the connection to URLs provided by the repository. By...
Design/Logic Flaw
httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...
Design/Logic Flaw
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...
Arbitrary Command Execution
Dulwich is vulnerable to arbitrary command execution. When using the SSH subprocess, an attacker can use an ssh URL with the - dash character in the hostname.This is related to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...
Debian DLA-1144-1 : git-annex security update
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. For Debian 7...
CVE-2017-14176
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...
EulerOS 2.0 SP1 : subversion (EulerOS-SA-2017-1175)
According to the version of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A shell command injection flaw related to the handling of 'svn+ssh' URLs has been discovered in Subversion. An attacker could use this flaw to...
Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2017-883)
Command injection through clients via malicious svn+ssh URLs A shell command injection flaw related to the handling of 'svn+ssh' URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for...
Important: subversion, mod_dav_svn
Issue Overview: Command injection through clients via malicious svn+ssh URLs A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion...
CentOS 7 : subversion (CESA-2017:2480)
An update for subversion is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Fedora 25 : subversion (2017-1d1a38bdd1)
This update includes the latest stable release of Apache Subversion, version 1.9.7. Client-side bugfixes : - Fix arbitrary code execution vulnerability CVE-2017-9800 See for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
Scientific Linux Security Update : subversion on SL7.x x86_64 (20170816)
Security Fixes : - A shell command injection flaw related to the handling of 'svn+ssh' URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a 'checkout' or...
CVE-2017-12976
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...
openSUSE Security Update : subversion (openSUSE-2017-940)
This update for subversion to 1.9.7 fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. boo1051362 -...
Security update for subversion (important)
This update for subversion to 1.9.7 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. boo1051362 -...
openSUSE: Security Advisory for subversion (openSUSE-SU-2017:2183-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...