Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mercurial mercurial vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-3105
The convert extension in Mercurial prior to 3.8 might allow context-dependent malicious users to execute arbitrary code via a crafted git repository name.
Debian Debian Linux 8.0
Mercurial Mercurial
6.8
CVSSv2
CVE-2016-3630
The binary delta decoder in Mercurial prior to 3.7.3 allows remote malicious users to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Opensuse Leap 42.1
Mercurial Mercurial
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Debuginfo 11
Opensuse Opensuse 13.2
6.8
CVSSv2
CVE-2008-2942
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted malicious users to modify arbitrary files via ".." (dot dot) sequences in a patch file.
Mercurial Mercurial 1.0.1
6.5
CVSSv2
CVE-2022-29184
GoCD is a continuous delivery server. In GoCD versions before 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via co...
Thoughtworks Gocd
6.5
CVSSv2
CVE-2022-23915
The package weblate from 0 and prior to 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution.
Weblate Weblate
6.5
CVSSv2
CVE-2021-29472
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. ...
Getcomposer Composer
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.5
CVSSv2
CVE-2018-5226
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code...
Atlassian Sourcetree
6.5
CVSSv2
CVE-2018-5223
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on...
Atlassian Fisheye
Atlassian Crucible
6.4
CVSSv2
CVE-2018-17983
cext/manifest.c in Mercurial prior to 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
Mercurial Mercurial
6.4
CVSSv2
CVE-2018-1000132
Mercurial version 4.5 and previous versions contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in ...
Mercurial Mercurial
Debian Debian Linux 7.0
Debian Debian Linux 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »