5955 matches found

OSV
added 2016/04/13 4:59 p.m. (6 views)

CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...

8.8 CVSS | 8.9 AI score
Exploits: 0 | References: 12

OSV
added 2016/04/13 4:59 p.m. (2 views)

DEBIAN-CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...

8.8 CVSS | 8.8 AI score | 0.05192 EPSS
Exploits: 0 | References: 1

OSV
added 2016/04/13 4:59 p.m. (31 views)

PYSEC-2016-29

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...

8.8 CVSS | 7.6 AI score | 0.05192 EPSS
Exploits: 0 | References: 12

Prion
added 2016/04/13 4:59 p.m. (19 views)

Command injection

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...

6.8 CVSS | 8 AI score | 0.05192 EPSS
Exploits: 0 | References: 12 | Affected Software: 7

PyPA
added 2016/04/13 4:59 p.m. (5 views)

PYSEC-2016-29

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...

8.8 CVSS | 8 AI score | 0.05192 EPSS
Exploits: 0 | References: 12 | Affected Software: 1

OSV
added 2016/04/13 4:59 p.m. (2 views)

UBUNTU-CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...

8.8 CVSS | 7.7 AI score | 0.05192 EPSS
Exploits: 0 | References: 5

Cvelist
added 2016/04/13 4:0 p.m. (22 views)

CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records...

8.8 AI score | 0.05192 EPSS
Exploits: 0 | References: 12

CVE
added 2016/04/13 4:0 p.m. (82 views)

CVE-2016-3630

CVE-2016-3630: Mercurial versions before 3.7.3 are affected by a binary delta decoder vulnerability that could allow remote code execution via clone, push, or pull due to a list sizing rounding error and short records. Connected advisories indicate the fix is to upgrade Mercurial to 3.7.3 or new...

8.8 CVSS | 8.7 AI score | 0.05192 EPSS
Exploits: 0 | References: 12 | Affected Software: 1

Tenable Nessus
added 2016/04/07 12:0 a.m. (27 views)

Debian DSA-3542-1 : mercurial - security update

Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues: - CVE-2016-3068 Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in...

8.8 CVSS | 8 AI score | 0.05192 EPSS
Exploits: 0 | References: 10

ArchLinux
added 2016/04/06 12:0 a.m. (54 views)

mercurial: arbitrary code execution

CVE-2016-3068 arbitrary code execution It was reported that in mercurial, there is similar vulnerability as CVE-2015-7545 in git. Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. Mercurial allows specifying git repositories as...

6.8 CVSS | 5.7 AI score | 0.31254 EPSS
Exploits: 0 | References: 5

Debian
added 2016/04/05 2:6 p.m. (34 views)

[SECURITY] [DSA 3542-1] mercurial security update

Debian Security Advisory DSA-3542-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 05, 2016 https://www.debian.org/security/faq ...

6.8 CVSS | 2.9 AI score | 0.05192 EPSS
Exploits: 0

OpenVAS
added 2016/04/05 12:0 a.m. (20 views)

Debian Security Advisory DSA 3542-1 (mercurial - security update)

Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-3068 Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in...

6.8 CVSS | 0.1 AI score | 0.05192 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2016/04/01 12:0 a.m. (30 views)

FreeBSD : Botan BER Decoder vulnerabilities (2004616d-f66c-11e5-b94c-001999f8d30b)

The botan developers report: Excess memory allocation in BER decoder - The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer...

7.8 CVSS | 7.9 AI score | 0.00869 EPSS
Exploits: 0 | References: 4

OSV
added 2016/03/24 7:55 a.m. (3 views)

SUSE-SU-2016:0872-1 Security update for fetchmail

This update for fetchmail fixes the following issues: - CVE-2012-3482: A denial of service vulnerability in the base64 decoder during processing server NTLM protocol exchange was fixed (bsc#775988)...

5.8 CVSS | 6.3 AI score | 0.00721 EPSS
Exploits: 0 | References: 3

exploitpack
added 2016/03/23 12:0 a.m. (10 views)

Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks

Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=763 The LZMA specification says the following about the memory usage of decompression: "The size of the probability model counter arrays is calculated with the...

1.3 AI score
Exploits: 0

0day.today
added 2016/03/23 12:0 a.m. (13 views)

Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=763 The LZMA specification says the following about the memory usage of decompression: "The size of the probability model counter arrays is calculated with the following formula:...

7 AI score
Exploits: 0

Prion
added 2016/03/13 6:59 p.m. (17 views)

Memory corruption

The Machine::Code::decoder::analysis::setref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font...

6.8 CVSS | 8.1 AI score | 0.00701 EPSS
Exploits: 0 | References: 26 | Affected Software: 7

Debian CVE
added 2016/03/13 6:0 p.m. (33 views)

CVE-2016-1977

The Machine::Code::decoder::analysis::setref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font...

8.8 CVSS | 10 AI score | 0.00701 EPSS
Exploits: 0

Prion
added 2016/03/12 9:59 p.m. (20 views)

Memory corruption

mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264dparseislice.c and decoder/ih264dparsepslice.c, aka internal bug 25928803...

10 CVSS | 8.2 AI score | 0.02229 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2016/03/12 9:59 p.m. (26 views)

CVE-2016-0816

mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264dparseislice.c and decoder/ih264dparsepslice.c, aka internal bug 25928803...

10 CVSS | 7.4 AI score | 0.02229 EPSS
Exploits: 0 | References: 2