Lucene search
+L

835 matches found

Prion
Prion
added 2017/08/24 2:29 p.m.23 views

Design/Logic Flaw

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...

5.1CVSS8.2AI score0.05968EPSS
Exploits1References8Affected Software3
Cvelist
Cvelist
added 2017/08/24 2:0 p.m.44 views

CVE-2017-12836

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...

7.9AI score0.05968EPSS
Exploits1References8
CVE
CVE
added 2017/08/24 2:0 p.m.135 views

CVE-2017-12836

CVE-2017-12836 affects CVS 1.12.x when configured to use SSH for remote repositories. A remote attacker can supply a repository URL with a crafted hostname (for example, a string that triggers -oProxyCommand) to cause arbitrary code execution on the target. This is evidenced by cross-references i...

7.5CVSS7.8AI score0.05968EPSS
Exploits1References8Affected Software1
AlpineLinux
AlpineLinux
added 2017/08/24 2:0 p.m.90 views

CVE-2017-12836

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...

7.5CVSS8AI score0.05968EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/08/22 12:0 a.m.30 views

Ubuntu 14.04 LTS / 16.04 LTS : cvs vulnerability (USN-3399-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3399-1 advisory. Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository...

7.5CVSS7.1AI score0.05968EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2017/08/21 2:19 p.m.68 views

USN-3399-1: cvs vulnerability

Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user...

7.5CVSS6.8AI score0.05968EPSS
Exploits1
Mageia
Mageia
added 2017/08/19 10:16 a.m.40 views

Updated cvs package fixes security vulnerability

It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command CVE-2017-12836...

7.5CVSS4.7AI score0.05968EPSS
Exploits1References2
OSV
OSV
added 2017/08/19 10:16 a.m.9 views

MGASA-2017-0284 Updated cvs package fixes security vulnerability

It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command CVE-2017-12836...

7.5CVSS8.6AI score0.05968EPSS
Exploits1References3
Fedora
Fedora
added 2017/08/14 9:55 p.m.39 views

[SECURITY] Fedora 26 Update: subversion-1.9.7-1.fc26

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

9.8CVSS2.5AI score0.18892EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2017/08/14 12:0 a.m.30 views

Debian DSA-3940-1 : cvs - security update

It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

7.5CVSS6.9AI score0.05968EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2017/08/14 12:0 a.m.32 views

Debian DLA-1056-1 : cvs security update

It was discovered that there was a command injection vulnerability in the CVS revision control system. For Debian 7 'Wheezy', this issue has been fixed in cvs version 2:1.12.13+real-9+deb7u1. We recommend that you upgrade your cvs packages. Thanks to Thorsten Glaser for preparing and testing this...

7.5CVSS6.6AI score0.05968EPSS
Exploits1References3
Debian
Debian
added 2017/08/13 6:28 p.m.64 views

[SECURITY] [DLA 1056-1] cvs security update

Package : cvs Version : 2:1.12.13+real-9+deb7u1 CVE ID : CVE-2017-12836 Debian Bug : 871810 It was discovered that there was a command injection vulnerability in the CVS revision control system. For Debian 7 "Wheezy", this issue has been fixed in cvs version 2:1.12.13+real-9+deb7u1. We recommend...

7.5CVSS8AI score0.05968EPSS
Exploits1
Debian
Debian
added 2017/08/13 9:10 a.m.35 views

[SECURITY] [DSA 3940-1] cvs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3940-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 13, 2017 https://www.debian.org/security/faq -...

7.5CVSS8.1AI score0.05968EPSS
Exploits1
Debian
Debian
added 2017/08/13 9:10 a.m.29 views

[SECURITY] [DSA 3940-1] cvs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3940-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 13, 2017 https://www.debian.org/security/faq -...

5.1CVSS2.5AI score0.05968EPSS
Exploits1
OSV
OSV
added 2017/08/13 12:0 a.m.29 views

DLA-1056-1 cvs - security update

Bulletin has no description...

7.5CVSS7.6AI score0.05968EPSS
Exploits1
OSV
OSV
added 2017/08/13 12:0 a.m.33 views

DSA-3940-1 cvs - security update

Bulletin has no description...

7.5CVSS7.6AI score0.05968EPSS
Exploits1
OpenVAS
OpenVAS
added 2017/08/12 12:0 a.m.17 views

Debian: Security Advisory (DSA-3940-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.05968EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2017/08/11 10:48 p.m.37 views

CVE-2017-12836

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...

7.5CVSS6.9AI score0.05968EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2017/08/10 12:0 a.m.45 views

cvs -- Remote code execution via ssh command injection

Hank Leininger reports: Bugs in Git, Subversion, and Mercurial were just announced and patched which allowed arbitrary local command execution if a malicious name was used for the remote server, such as starting with - to pass options to the ssh client: git clone...

7.5CVSS7.8AI score0.05968EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2017/08/03 12:0 a.m.58 views

AIX NTP v3 Advisory : ntp_advisory7.asc (IV87614) (IV87419) (IV87615) (IV87420) (IV87939)

The version of NTP installed on the remote AIX host is affected by the following vulnerabilities : - A time serving flaw exists in the trusted key system due to improper key checks. An authenticated, remote attacker can exploit this to perform impersonation attacks between authenticated peers...

7.7CVSS6.3AI score0.15081EPSS
Exploits3References7
Rows per page
Query Builder