mercurial mercurial vulnerabilities and exploits
5.9
CVSSv3
CVE-2010-4237
Mercurial prior to 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
Mercurial Mercurial
5.9
CVSSv3
CVE-2019-3902
A flaw was found in Mercurial prior to 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
Mercurial Mercurial
Redhat Enterprise Linux 7.0
Debian Debian Linux 8.0
5.3
CVSSv3
CVE-2022-43410
Jenkins Mercurial Plugin 1251.va_b_121f184902 and previous versions provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.
Jenkins Mercurial
5.3
CVSSv3
CVE-2018-1000112
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and previous versions in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
Jenkins Mercurial
4.3
CVSSv3
CVE-2020-2306
A missing permission check in Jenkins Mercurial Plugin 2.11 and previous versions allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.
Jenkins Mercurial
3.3
CVSSv3
CVE-2023-5752
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mer...
Pypa Pip
6 Github repositories
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed another room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
NA
CVE-2014-9462
The _validaterepo function in sshpeer in Mercurial prior to 3.2.4 allows remote malicious users to execute arbitrary commands via a crafted repository name in a clone command.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mercurial Mercurial
NA
CVE-2013-0757
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox prior to 18.0, Firefox ESR 17.x prior to 17.0.2, Thunderbird prior to 17.0.2, Thunderbird ESR 17.x prior to 17.0.2, and SeaMonkey prior to 2.15 does not prevent modifications to the prototype of an object, which al...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Thunderbird Esr
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
Opensuse Opensuse 12.2
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 10
Suse Linux Enterprise Software Development Kit 11
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
2 EDB exploits
2 Metasploit modules
1 Github repository
NA
CVE-2013-0758
Mozilla Firefox prior to 18.0, Firefox ESR 10.x prior to 10.0.12 and 17.x prior to 17.0.2, Thunderbird prior to 17.0.2, Thunderbird ESR 10.x prior to 10.0.12 and 17.x prior to 17.0.2, and SeaMonkey prior to 2.15 allow remote malicious users to execute arbitrary JavaScript code wi...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Thunderbird Esr
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
Opensuse Opensuse 12.2
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 10
Suse Linux Enterprise Software Development Kit 11
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Eus 5.9
Redhat Enterprise Linux Eus 6.3
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server Aus 5.9
Redhat Enterprise Linux Workstation 5.0
2 EDB exploits
2 Metasploit modules
1 Github repository