44 matches found

Tenable Nessus
added 2026/01/15 12:0 a.m. | 4 views

RHEL 9 : openssh (RHSA-2026:0693)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0693 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

CVSS 3.6 | AI score 6.5 | EPSS 0.00061
Exploits 2 | References 7

Tenable Nessus
added 2025/12/31 12:0 a.m. | 6 views

EulerOS Virtualization 2.13.1 : openssh (EulerOS-SA-2025-2626)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources,...

CVSS 3.6 | AI score 6.3 | EPSS 0.00061
Exploits 2 | References 3

OSV
added 2025/11/28 7:46 a.m. | 1 views

OPENSUSE-SU-2025:20122-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used bsc1251198. - CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used bsc1251199...

CVSS 3.6 | AI score 6.8 | EPSS 0.00061
Exploits 2 | References 4

Tenable Nessus
added 2024/06/03 12:0 a.m. | 16 views

RHEL 5 : subversion (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: Command injection through clients via malicious svn+ssh URLs CVE-2017-9800 - Svnserve in Apac...

CVSS 9.8 | AI score 8.9 | EPSS 0.67275
Exploits 3 | References 9

Tenable Nessus
added 2024/06/03 12:0 a.m. | 17 views

RHEL 6 : cvs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cvs: Command injection via malicious ssh URLs CVE-2017-12836 Note that Nessus has not tested for this issue but has...

CVSS 7.5 | AI score 7.3 | EPSS 0.02504
Exploits 1 | References 1

OSV
added 2021/04/14 8:4 p.m. | 27 views

GO-2021-0073 Arbitrary command execution in github.com/git-lfs/git-lfs

Arbitrary command execution can be triggered by improperly sanitized SSH URLs in LFS configuration files. This can be triggered by cloning a malicious repository...

CVSS 8.8 | AI score 8.6 | EPSS 0.00724
Exploits 1 | References 4

Tenable Nessus
added 2020/04/15 12:0 a.m. | 52 views

SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)

This update for git fixes the following issues : Security issue fixed : CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host bsc1168930. Non-security issue fixed : git was updated to 2.26.0 f...

CVSS 9.8 | AI score 8.1 | EPSS 0.71499
Exploits 35 | References 25

OPENSUSE Linux
added 2020/01/29 12:0 a.m. | 86 views

Security update for git (important)

openSUSE Security Update: Security update for git Announcement ID: openSUSE-SU-2020:0123-1 Rating: important References: 1082023 1149792 1158785 1158787 1158788 1158789 1158790 1158791 1158792 1158793 1158795 Cross-References: CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352...

CVSS 9.8 | AI score 7.5 | EPSS 0.2462
Exploits 1 | References 11

OpenVAS
added 2020/01/23 12:0 a.m. | 32 views

Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2017-1217)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.9 | EPSS 0.04585
Exploits 1 | References 2

Tenable Nessus
added 2019/08/12 12:0 a.m. | 39 views

NewStart CGSL MAIN 4.05 : git Vulnerability (NS-SA-2019-0120)

The remote NewStart CGSL host, running version MAIN 4.05, has git packages installed that are affected by a vulnerability: - A shell command injection flaw related to the handling of ssh URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges...

CVSS 8.8 | AI score 6.9 | EPSS 0.70245
Exploits 9 | References 2

Tenable Nessus
added 2019/07/15 12:0 a.m. | 17 views

Fedora 30 : fossil (2019-f350634b40)

Update to 2.8 fixes rhbz1581180 rhbz1603993 rhbz1674893 and rhbz1524335 - Removed upstreamed patch - Bug 1524335 - CVE-2017-17459 fossil: Command injection via malicious ssh URLs fedora-all - Bug 1581180 - Update fossil version to 2.6 currently is 2.2 - Bug 1603993 - fossil: FTBFS in Fedora...

CVSS 9.3 | AI score 7.7 | EPSS 0.01561
Exploits 11 | References 2

Tenable Nessus
added 2019/05/14 12:0 a.m. | 31 views

EulerOS Virtualization for ARM 64 3.0.1.0 : git (EulerOS-SA-2019-1385)

According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote...

CVSS 8.8 | AI score 8 | EPSS 0.70245
Exploits 19 | References 3

OPENSUSE Linux
added 2019/03/15 12:0 a.m. | 262 views

Security update for obs-service-tar_scm (important)

openSUSE Security Update: Security update for obs-service-tar_scm Announcement ID: openSUSE-SU-2019:0329-1 Rating: important References: 1076410 1082696 1105361 1107507 1107944 Cross-References: CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 Affected Products: openSUSE Backports SLE-15 An update tha...

CVSS 9.8 | AI score 7.5 | EPSS 0.00469
Exploits 0 | References 5

OpenVAS
added 2018/02/06 12:0 a.m. | 32 views

Debian: Security Advisory (DLA-1068-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.5 | EPSS 0.70245
Exploits 9 | References 3

OSV
added 2018/01/03 2:22 p.m. | 4 views

MGASA-2018-0042 Updated fossil packages fix security vulnerability

Client-side code execution via crafted "ssh://" URLs CVE-2017-17459...

CVSS 9.3 | AI score 9.6 | EPSS 0.01561
Exploits 11 | References 3

Mageia
added 2018/01/03 2:22 p.m. | 28 views

Updated fossil packages fix security vulnerability

Client-side code execution via crafted "ssh://" URLs CVE-2017-17459...

CVSS 9.3 | AI score 3.4 | EPSS 0.01561
Exploits 11 | References 2

Veracode
added 2017/12/22 2:56 a.m. | 28 views

Remote Command Execution (RCE)

github.com/git-lfs/git-lfs is vulnerable to remote code execution RCE attacks. The application does not sanitize ssh:// URLs passed to it, allowing a malicious user to execute arbitrary commands...

CVSS 8.8 | AI score 9.2 | EPSS 0.00724
Exploits 1 | References 6 | Affected Software 1

CNVD
added 2017/12/22 12:0 a.m. | 3 views

GitHub Git LFS Arbitrary Command Execution Vulnerability

GitHub Git LFS is an open source project developed by the U.S. company GitHub. It is a Git extension for version control of large files. An arbitrary command execution vulnerability exists in GitHub Git LFS versions prior to 2.1.1. The vulnerability can be exploited by remo...

CVSS 8.8 | AI score 7.9 | EPSS 0.00724
Exploits 1 | References 1

Tenable Nessus
added 2017/12/14 12:0 a.m. | 17 views

openSUSE Security Update : fossil (openSUSE-2017-1365)

This update for fossil to version 2.4 fixes the following issues : - CVE-2017-17459: Client-side code execution via crafted 'ssh://' URLs bsc1071709 The impact of this vulnerability is more limited than similar vectors fixed in other SCMs, as there is no known way to mask the repository URL or...

CVSS 9.3 | AI score 8.1 | EPSS 0.01561
Exploits 11 | References 2

Debian
added 2017/10/30 7:42 a.m. | 27 views

[SECURITY] [DSA 4010-1] git-annex security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4010-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 30, 2017 https://www.debian.org/security/faq -...

CVSS 8.8 | AI score 9.2 | EPSS 0.00274
Exploits 11