Download
| Alert*
oval:org.secpod.oval:def:205349
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * mercurial: Buffer underflow in mpatch.c:mpatch_apply * mercurial: HTTP server permissions bypass * mercurial: Missing check for fragment start posit ... oval:org.secpod.oval:def:1800491 mercurial is installed oval:org.secpod.oval:def:503238 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * mercurial: Buffer underflow in mpatch.c:mpatch_apply * mercurial: HTTP server permissions bypass * mercurial: Missing check for fragment start posit ... oval:org.secpod.oval:def:110388 mercurial is installed oval:org.secpod.oval:def:204535 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ... oval:org.secpod.oval:def:203924 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a sp ... oval:org.secpod.oval:def:41289 mercurial sub packages are installed oval:org.secpod.oval:def:113274 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects oval:org.secpod.oval:def:1501971 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:113103 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects oval:org.secpod.oval:def:1600772 A shell command injection flaw related to the handling of quot;sshquot; URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a quot;checkoutquot; or quot;updatequot; action on ... oval:org.secpod.oval:def:1800490 CVE-2017-9462: Python debugger accessible to authorized users In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. oval:org.secpod.oval:def:502128 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of com ... oval:org.secpod.oval:def:1800673 CVE-2017-1000115: Mercurial"s symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository. oval:org.secpod.oval:def:1800652 CVE-2017-9462: Python debugger accessible to authorized users In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. oval:org.secpod.oval:def:1600368 It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to exe ... oval:org.secpod.oval:def:110390 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects oval:org.secpod.oval:def:1501444 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a sp ... oval:org.secpod.oval:def:501814 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a sp ... oval:org.secpod.oval:def:1501907 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501908 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502056 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ... oval:org.secpod.oval:def:204532 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ... oval:org.secpod.oval:def:112497 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects oval:org.secpod.oval:def:1600730 Python debugger accessible to authorized users:A flaw was found in the way hg serve --stdio command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options oval:org.secpod.oval:def:112490 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects |