mercurial mercurial vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-13347
mpatch.c in Mercurial prior to 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
Mercurial Mercurial
7.5
CVSSv3
CVE-2018-13348
The mpatch_decode function in mpatch.c in Mercurial prior to 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
Mercurial Mercurial
7.5
CVSSv3
CVE-2018-13346
The mpatch_apply function in mpatch.c in Mercurial prior to 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
Mercurial Mercurial
8.8
CVSSv3
CVE-2018-5226
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code...
Atlassian Sourcetree
7.2
CVSSv3
CVE-2018-5223
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on...
Atlassian Fisheye
Atlassian Crucible
8.8
CVSSv3
CVE-2018-5224
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Merc...
Atlassian Bamboo
9.1
CVSSv3
CVE-2018-1000132
Mercurial version 4.5 and previous versions contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in ...
Mercurial Mercurial
Debian Debian Linux 7.0
Debian Debian Linux 8.0
5.3
CVSSv3
CVE-2018-1000112
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and previous versions in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
Jenkins Mercurial
8.8
CVSSv3
CVE-2017-14592
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4...
Atlassian Sourcetree 1.0
Atlassian Sourcetree
8.8
CVSSv3
CVE-2017-14593
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version...
Atlassian Sourcetree