Lucene search
+L

23 matches found

nessus
nessus
added 2026/01/19 12:0 a.m.4 views

MiracleLinux 7 : mercurial-2.6.2-7.el7 (AXEA:2017-1725:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXEA:2017-1725:01 advisory. - In Mercurial before 4.1.3, hg serve --stdio allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by...

9CVSS7.9AI score0.21512EPSS
Exploits1References2
susecve
susecve
added 2023/02/15 4:44 a.m.6 views

SUSE CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

9CVSS9.6AI score0.21512EPSS
Exploits1References6
openvas
openvas
added 2022/01/28 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2017-0182)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS8.7AI score0.21512EPSS
Exploits1References5
openvas
openvas
added 2020/01/23 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2017-1133)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS8.8AI score0.21512EPSS
Exploits1References2
github
github
added 2018/07/13 3:17 p.m.68 views

Mercurial has Incorrect Permission Assignment for Critical Resource

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

9CVSS8.6AI score0.21512EPSS
Exploits1References11Affected Software1
osv
osv
added 2018/07/13 3:17 p.m.31 views

GHSA-GHJX-3JG5-H6R2 Mercurial has Incorrect Permission Assignment for Critical Resource

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

8.8CVSS8.6AI score0.21512EPSS
Exploits1References11
debian
debian
added 2017/09/04 7:5 a.m.49 views

[SECURITY] [DSA 3963-1] mercurial security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3963-1 [email protected] https://www.debian.org/security/ Sebastien Delafond September 04, 2017 https://www.debian.org/security/faq -...

10CVSS2.5AI score0.21512EPSS
Exploits2
debian
debian
added 2017/06/29 7:14 p.m.43 views

[SECURITY] [DLA 1005-1] mercurial security update

Package : mercurial Version : 2.2.2-4+deb7u4 CVE ID : CVE-2017-9462 Debian Bug : 861243 In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. For Debian 7...

9CVSS7.1AI score0.21512EPSS
Exploits1
mageia
mageia
added 2017/06/26 9:28 a.m.37 views

Updated mercurial packages fix security vulnerability

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

9CVSS6.2AI score0.21512EPSS
Exploits1References3
osv
osv
added 2017/06/26 9:28 a.m.6 views

MGASA-2017-0182 Updated mercurial packages fix security vulnerability

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

9CVSS8.6AI score0.21512EPSS
Exploits1References4
veracode
veracode
added 2017/06/07 5:4 a.m.31 views

Remote Code Execution (RCE)

Mecurial is vulnerable to remote code execution RCE. The hg serve --stdio command allows a malicious user to launch the python debugger to execute arbitrary python code by using --debugger as the target repository...

9CVSS9.8AI score0.21512EPSS
Exploits1References8Affected Software1
pypa
pypa
added 2017/06/06 9:29 p.m.10 views

PYSEC-2017-91

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

9CVSS7.3AI score0.21512EPSS
Exploits1References9Affected Software1
osv
osv
added 2017/06/06 9:29 p.m.6 views

CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

8.8CVSS8.6AI score
Exploits0References8
osv
osv
added 2017/06/06 9:29 p.m.8 views

UBUNTU-CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

8.8CVSS7.2AI score0.21512EPSS
Exploits1References5
osv
osv
added 2017/06/06 9:29 p.m.5 views

DEBIAN-CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

8.8CVSS7.3AI score0.21512EPSS
Exploits1References1
cvelist
cvelist
added 2017/06/06 9:0 p.m.28 views

CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...

8.6AI score0.21512EPSS
Exploits1References8
cve
cve
added 2017/06/06 9:0 p.m.177 views

CVE-2017-9462

CVE-2017-9462 affects Mercurial prior to 4.1.3. When using the hg serve --stdio server, remote authenticated users could trigger the Python debugger by passing a repository name that uses --debugger, enabling execution of arbitrary code. Public advisories confirm this vulnerability and reference ...

9CVSS8.5AI score0.21512EPSS
Exploits1References8Affected Software1
exploitdb
exploitdb
added 2017/04/27 12:0 a.m.45 views

Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mercurial Custom hg-ssh Wrapper Remote Code Exec", 'Description' = %q This module takes advantage of custom hg-ssh wrapper implementations that...

7.4AI score
Exploits0
zdt
zdt
added 2017/04/26 12:0 a.m.27 views

Mercurial Custom hg-ssh Wrapper Remote Code Execution Exploit

This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution. This module requires Metasploit:...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2017/04/26 12:0 a.m.35 views

Mercurial Custom hg-ssh Wrapper Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mercurial Custom hg-ssh Wrapper Remote Code Exec", 'Description' = %q This module takes advantage of custom hg-ssh wrapper implementations that...

Exploits0
Rows per page
Query Builder