Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mercurial vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2008-4297
Mercurial prior to 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote malicious users to read arbitrary files from a repository via an "hg pull" request.
Mercurial Mercurial
445
VMScore
CVE-2018-13346
The mpatch_apply function in mpatch.c in Mercurial prior to 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
Mercurial Mercurial
668
VMScore
CVE-2018-13347
mpatch.c in Mercurial prior to 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
Mercurial Mercurial
445
VMScore
CVE-2018-13348
The mpatch_decode function in mpatch.c in Mercurial prior to 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
Mercurial Mercurial
570
VMScore
CVE-2018-17983
cext/manifest.c in Mercurial prior to 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
Mercurial Mercurial
383
VMScore
CVE-2010-4237
Mercurial prior to 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
Mercurial Mercurial
605
VMScore
CVE-2008-2942
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted malicious users to modify arbitrary files via ".." (dot dot) sequences in a patch file.
Mercurial Mercurial 1.0.1
605
VMScore
CVE-2016-3105
The convert extension in Mercurial prior to 3.8 might allow context-dependent malicious users to execute arbitrary code via a crafted git repository name.
Debian Debian Linux 8.0
Mercurial Mercurial
668
VMScore
CVE-2014-9462
The _validaterepo function in sshpeer in Mercurial prior to 3.2.4 allows remote malicious users to execute arbitrary commands via a crafted repository name in a clone command.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mercurial Mercurial
516
VMScore
CVE-2019-3902
A flaw was found in Mercurial prior to 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
Mercurial Mercurial
Redhat Enterprise Linux 7.0
Debian Debian Linux 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »