Important: Red Hat Security Advisory: subversion security update
An update for subversion is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
FreeBSD : subversion -- Arbitrary code execution vulnerability (6e80bd9b-7e9b-11e7-abfe-90e2baa3bafc)
subversion team reports : A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL...
Debian DSA-3942-1 : supervisor - security update
Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server a...
MGASA-2017-0266 Updated git packages fix security vulnerability
Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules (CVE-2017-1000117)...
Debian: Security Advisory (DSA-3940-1)
The remote host is missing an update for the Debian...
Design/Logic Flaw
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...
CVE-2017-9800
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...
CVE-2017-1000116
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository...
[SECURITY] [DSA 3934-1] git security update
Debian Security Advisory DSA-3934-1, https://www.debian.org/security/, Sebastien Delafond, August 10, 2017, https://www.debian.org/security/faq ...
[SECURITY] [DSA 3932-1] subversion security update
Debian Security Advisory DSA-3932-1, https://www.debian.org/security/, Sebastien Delafond, August 10, 2017, https://www.debian.org/security/faq ...
UBUNTU-CVE-2017-9800
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...
CVE-2017-11566
AppUse 4.0 allows shell command injection via a proxy field...
Command injection
AppUse 4.0 allows shell command injection via a proxy field...
CVE-2017-11566
CVE-2017-11566 concerns AppUse 4.0, where a vulnerability exists in a proxy field that enables shell command injection. The issue is documented with CVSS scores (2.0/3.1) indicating a high-severity, locally exploitable flaw that could allow complete confidentiality, integrity, and availability im...
F5 Networks BIG-IP : SSHD session.c vulnerability (K93532943)
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. (CVE-2016-3115) (C) Tenable Network...
Fedora 26 : php-pear-PHP-CodeSniffer (2017-b85d51cc47)
Version 3.0.1 - This release contains a fix for a security advisory related to the improper handling of a shell command - A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option - All version 3 users are encouraged to upgrade to...