Show filters
24 Total Results
Displaying 21-24 of 24
Sort by:
Attacker Value
Unknown

CVE-2016-3069

Disclosure Date: April 13, 2016 (last updated November 25, 2024)
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
0
0
Attacker Value
Unknown

CVE-2014-9462

Disclosure Date: March 31, 2015 (last updated October 05, 2023)
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.
0
0
Attacker Value
Unknown

CVE-2008-4297

Disclosure Date: September 27, 2008 (last updated October 04, 2023)
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.
0
0
Attacker Value
Unknown

CVE-2008-2942

Disclosure Date: June 30, 2008 (last updated October 04, 2023)
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.
0
0
View More Topics  < Previous