Lucene search
+L

21 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-17009

Malware in sbrugna...

8.8CVSS8.8AI score0.01463EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-5330

Malware in sbrugna...

8.1CVSS8.2AI score0.01591EPSS
Exploits1References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-12801

Malware in sbrugna...

9CVSS8.8AI score0.06686EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-17007

Malware in sbrugna...

9CVSS8.8AI score0.02822EPSS
Exploits1References4
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0829

Malware in sbrugna...

8.8CVSS8.8AI score0.04849EPSS
Exploits1References18
bdu_fstec
bdu_fstec
added 2024/06/28 12:0 a.m.6 views

The vulnerability of the Branch Name Handler component of the PHP Composer dependency manager allows a attacker to execute arbitrary commands.

The vulnerability of the Branch Name Handler component in the PHP Composer dependency manager is related to the use of the composer install command executed within the git/hg repository. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS8AI score0.03282EPSS
Exploits0References10Affected Software4
osv
osv
added 2024/06/10 10:15 p.m.3 views

DEBIAN-CVE-2024-35242

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...

8.8CVSS7.9AI score0.03282EPSS
Exploits0References1
debiancve
debiancve
added 2024/06/10 9:23 p.m.22 views

CVE-2024-35242

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...

8.8CVSS7.3AI score0.03282EPSS
Exploits0
redhat
redhat
added 2024/06/10 6:41 p.m.5 views

pip: Mercurial configuration injectable in repo revision when installing via pip

A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...

5.5CVSS7.2AI score0.00476EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2022/03/04 12:0 a.m.3 views

PT-2022-16834 · Weblate · Weblate

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 4.11.1 Description: Weblate is a web-based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them...

8.8CVSS8.8AI score0.02927EPSS
Exploits0References21
nessus
nessus
added 2019/04/04 12:0 a.m.168 views

Atlassian Fisheye for Windows < 4.4.6, 4.5.x < 4.5.3 Remote Code Execution Vulnerability

According to its self-reported version, the installation of Atlassian Fisheye running on the remote Windows host is prior to 4.4.6 or 4.5.x prior to 4.5.3. It is, therefore, affected by a remote command execution vulnerability due to improper sanitization of characters in a Mercurial repository U...

7.2CVSS7.7AI score0.02203EPSS
Exploits1References2
nessus
nessus
added 2019/04/04 12:0 a.m.28 views

Atlassian Crucible for Windows < 4.4.6, 4.5.x < 4.5.3 Remote Code Execution Vulnerability

According to its self-reported version, the installation of Atlassian Crucible running on the remote Windows host is prior to 4.4.6 or 4.5.x prior to 4.5.3. It is, therefore, affected by a remote command execution vulnerability due to improper sanitization of characters in a Mercurial repository...

7.2CVSS7.7AI score0.02203EPSS
Exploits1References2
nessus
nessus
added 2019/03/14 12:0 a.m.67 views

Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities

The version of Atlassian SourceTree installed on the remote Windows host is version 0.5a prior to 3.0.17. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker ca...

9.8CVSS8.3AI score0.97356EPSS
Exploits12References5
cnvd
cnvd
added 2018/11/06 12:0 a.m.2 views

Sourcetree for Windows Parameter Injection Vulnerability (CNVD-2019-09133)

Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for Windows suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...

9CVSS8.9AI score0.02112EPSS
Exploits1References1
cnvd
cnvd
added 2018/11/06 12:0 a.m.3 views

Sourcetree for macOS parameter injection vulnerability (CNVD-2019-09132)

Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for macOS suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...

9CVSS8.8AI score0.01946EPSS
Exploits1References1
nvd
nvd
added 2018/04/25 9:29 p.m.21 views

CVE-2018-5226

There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the...

8.8CVSS9AI score0.01463EPSS
Exploits0References1
zdt
zdt
added 2018/04/07 12:0 a.m.278 views

Atlassian Fisheye / Crucible 4.5.2 Code Execution Vulnerability

Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability. This email refers to the advisory found at https://confluence.atlassian.com/x/aS5sO and https://confluence.atlassian.com/x/Zi5sO . CVE ID: CVE-2018-5223. Product: Fisheye and Crucible. Affected...

7.3AI score0.02203EPSS
Exploits1
osv
osv
added 2018/03/29 1:29 p.m.5 views

CVE-2018-5224

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository,...

8.8CVSS5.9AI score0.02822EPSS
Exploits1References3
prion
prion
added 2018/03/29 1:29 p.m.25 views

Design/Logic Flaw

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository,...

9CVSS8.7AI score0.02822EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2018/03/29 1:0 p.m.28 views

CVE-2018-5223

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run...

7AI score0.02203EPSS
Exploits1References5
Rows per page
Query Builder