Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mercurial mercurial vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-13346
The mpatch_apply function in mpatch.c in Mercurial prior to 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
Mercurial Mercurial
668
VMScore
CVE-2018-13347
mpatch.c in Mercurial prior to 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
Mercurial Mercurial
445
VMScore
CVE-2018-13348
The mpatch_decode function in mpatch.c in Mercurial prior to 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
Mercurial Mercurial
445
VMScore
CVE-2008-4297
Mercurial prior to 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote malicious users to read arbitrary files from a repository via an "hg pull" request.
Mercurial Mercurial
383
VMScore
CVE-2010-4237
Mercurial prior to 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
Mercurial Mercurial
570
VMScore
CVE-2018-17983
cext/manifest.c in Mercurial prior to 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
Mercurial Mercurial
605
VMScore
CVE-2008-2942
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted malicious users to modify arbitrary files via ".." (dot dot) sequences in a patch file.
Mercurial Mercurial 1.0.1
605
VMScore
CVE-2016-3105
The convert extension in Mercurial prior to 3.8 might allow context-dependent malicious users to execute arbitrary code via a crafted git repository name.
Debian Debian Linux 8.0
Mercurial Mercurial
668
VMScore
CVE-2014-9462
The _validaterepo function in sshpeer in Mercurial prior to 3.2.4 allows remote malicious users to execute arbitrary commands via a crafted repository name in a clone command.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mercurial Mercurial
570
VMScore
CVE-2018-1000132
Mercurial version 4.5 and previous versions contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in ...
Mercurial Mercurial
Debian Debian Linux 7.0
Debian Debian Linux 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »