19 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-9462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone...
RHEL 7 : mercurial (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - The...
EulerOS 2.0 SP3 : mercurial (EulerOS-SA-2022-1747)
According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository...
Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2022-1747)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2022-1331)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0129)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Advisory ROSA-SA-2021-1918
Software: mercurial 2.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-9462 CVE-Crit: CRITICAL CVE-DESC: The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via the created repository name in the clone command. CVE-STATUS: default CVE-REV: defau...
[SECURITY] [DLA 237-1] mercurial security update
Package : mercurial Version : 1.6.4-1+deb6u1 CVE ID : CVE-2014-9390 CVE-2014-9462 CVE-2014-9462 Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command...
Debian DSA-3257-1 : mercurial - security update
Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
[SECURITY] [DSA 3257-1] mercurial security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3257-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 11, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3257-1] mercurial security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3257-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 11, 2015 http://www.debian.org/security/faq -...
MGASA-2015-0129 Updated mercurial packages fix CVE-2014-9462
Updated mercurial packages fix security vulnerability: The mercurial source code management system suffers from a code-injection flaw due to insufficient shell quoting in sshpeer.validaterepo CVE-2014-9462...
CVE-2014-9462
The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...
CVE-2014-9462
The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...
UBUNTU-CVE-2014-9462
The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...
CVE-2014-9462
The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...
CVE-2014-9462
CVE-2014-9462 affects Mercurial prior to 3.2.4, via the _validaterepo function in sshpeer, allowing remote attackers to execute arbitrary commands in a clone operation by crafting the repository name. Impact: remote command execution with partial confidentiality/integrity/availability implication...
openSUSE Security Update : mercurial (openSUSE-2015-268)
mercurial was updated to fix a command Injection via sshpeer.validaterepo CVE-2014-9462, bnc923070. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2015-268. The text description of...
SUSE-SU-2015:0817-1 Security update for mercurial
mercurial was updated to fix a potential command injection via sshpeer.validaterepo CVE-2014-9462 Security Issues: CVE-2014-9462...