835 matches found
Design/Logic Flaw
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...
CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...
CVE-2017-12836
CVE-2017-12836 affects CVS 1.12.x when configured to use SSH for remote repositories. A remote attacker can supply a repository URL with a crafted hostname (for example, a string that triggers -oProxyCommand) to cause arbitrary code execution on the target. This is evidenced by cross-references i...
CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...
Ubuntu 14.04 LTS / 16.04 LTS : cvs vulnerability (USN-3399-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3399-1 advisory. Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository...
USN-3399-1: cvs vulnerability
Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user...
Updated cvs package fixes security vulnerability
It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command CVE-2017-12836...
MGASA-2017-0284 Updated cvs package fixes security vulnerability
It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command CVE-2017-12836...
[SECURITY] Fedora 26 Update: subversion-1.9.7-1.fc26
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
Debian DSA-3940-1 : cvs - security update
It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian DLA-1056-1 : cvs security update
It was discovered that there was a command injection vulnerability in the CVS revision control system. For Debian 7 'Wheezy', this issue has been fixed in cvs version 2:1.12.13+real-9+deb7u1. We recommend that you upgrade your cvs packages. Thanks to Thorsten Glaser for preparing and testing this...
[SECURITY] [DLA 1056-1] cvs security update
Package : cvs Version : 2:1.12.13+real-9+deb7u1 CVE ID : CVE-2017-12836 Debian Bug : 871810 It was discovered that there was a command injection vulnerability in the CVS revision control system. For Debian 7 "Wheezy", this issue has been fixed in cvs version 2:1.12.13+real-9+deb7u1. We recommend...
[SECURITY] [DSA 3940-1] cvs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3940-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 13, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3940-1] cvs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3940-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 13, 2017 https://www.debian.org/security/faq -...
DLA-1056-1 cvs - security update
Bulletin has no description...
DSA-3940-1 cvs - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3940-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...
cvs -- Remote code execution via ssh command injection
Hank Leininger reports: Bugs in Git, Subversion, and Mercurial were just announced and patched which allowed arbitrary local command execution if a malicious name was used for the remote server, such as starting with - to pass options to the ssh client: git clone...
AIX NTP v3 Advisory : ntp_advisory7.asc (IV87614) (IV87419) (IV87615) (IV87420) (IV87939)
The version of NTP installed on the remote AIX host is affected by the following vulnerabilities : - A time serving flaw exists in the trusted key system due to improper key checks. An authenticated, remote attacker can exploit this to perform impersonation attacks between authenticated peers...