52 matches found
Astra Linux – Vulnerability in Composer
Composer is a dependency manager for the PHP programming language. Integrators who use Composer code to call VcsDriver::getFileContent may encounter a code injection vulnerability if the user can control the $file or $identifier arguments. This vulnerability is documented on packagist.org, where...
AZL-78939 CVE-2025-68119 affecting package golang 1.25.7-1
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...
MiracleLinux 7 : mercurial-2.6.2-7.el7 (AXEA:2017-1725:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXEA:2017-1725:01 advisory. - In Mercurial before 4.1.3, hg serve --stdio allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by...
EUVD-2016-0017
Malware in sbrugna...
EUVD-2008-4280
Malware in sbrugna...
EUVD-2018-0094
Malware in sbrugna...
EUVD-2018-0098
Malware in sbrugna...
EUVD-2015-0029
Malware in sbrugna...
EUVD-2018-0097
Malware in sbrugna...
EUVD-2016-0015
Malware in sbrugna...
EUVD-2016-0016
Malware in sbrugna...
EUVD-2018-0096
Malware in sbrugna...
EUVD-2017-0070
Malware in sbrugna...
EUVD-2022-1665
Malicious code in bioql PyPI...
EUVD-2017-0072
Malicious code in bioql PyPI...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.
Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF001. Vulnerability Details: CVEID: CVE-2023-5752. DESCRIPTION: When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be us...
ROS-20250624-07
A vulnerability in the Mercurial version control tool is related to insufficient sanitization of user-supplied data. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting (XSS) attacks.
SUSE CVE-2023-5752
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which...
AZL-39958 CVE-2023-5752 affecting package python3 for versions less than 3.12.3-1
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which...
AZL-60006 CVE-2023-5752 affecting package python3 for versions less than 3.9.19-14
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which...