Vulmon
mercurial mercurial vulnerabilities and exploits
5
CVSSv2
CVE-2008-4297
Mercurial prior to 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote malicious users to read arbitrary files from a repository via an "hg pull" request.
Mercurial Mercurial
7.5
CVSSv2
CVE-2018-13347
mpatch.c in Mercurial prior to 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
Mercurial Mercurial
6.4
CVSSv2
CVE-2018-17983
cext/manifest.c in Mercurial prior to 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
Mercurial Mercurial
4.3
CVSSv2
CVE-2010-4237
Mercurial prior to 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
Mercurial Mercurial
5
CVSSv2
CVE-2018-13346
The mpatch_apply function in mpatch.c in Mercurial prior to 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
Mercurial Mercurial
5
CVSSv2
CVE-2018-13348
The mpatch_decode function in mpatch.c in Mercurial prior to 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but there actually are not, aka OVE-20180430-0001.
Mercurial Mercurial
6.8
CVSSv2
CVE-2008-2942
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted malicious users to modify arbitrary files via ".." (dot dot) sequences in a patch file.
Mercurial Mercurial 1.0.1
6.8
CVSSv2
CVE-2016-3105
The convert extension in Mercurial prior to 3.8 might allow context-dependent malicious users to execute arbitrary code via a crafted git repository name.
Debian Debian Linux 8.0
Mercurial Mercurial
7.5
CVSSv2
CVE-2014-9462
The _validaterepo function in sshpeer in Mercurial prior to 3.2.4 allows remote malicious users to execute arbitrary commands via a crafted repository name in a clone command.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mercurial Mercurial
5.8
CVSSv2
CVE-2019-3902
A flaw was found in Mercurial prior to 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
Mercurial Mercurial
Redhat Enterprise Linux 7.0
Debian Debian Linux 8.0