24 matches found
EUVD-2016-0014
Malware in sbrugna...
SUSE CVE-2019-3902
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
[SECURITY] Fedora 36 Update: golang-x-exp-0-0.43.20220330git053ad81.fc36
This subrepository holds experimental and deprecated packages. The idea for this subrepository originated as the pkg/exp directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been...
GHSA-J7C2-RQM3-C97M Mercurial arbitrary code execution via a crafted git ext:: URL
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository...
Mercurial arbitrary code execution via a crafted git ext:: URL
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository...
[SECURITY] Fedora 36 Update: golang-x-exp-0-0.42.20220330git053ad81.fc36
This subrepository holds experimental and deprecated packages. The idea for this subrepository originated as the pkg/exp directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been...
GHSA-MQ66-VCFC-8246 Mercurial Path Traversal/Link Following vulnerability
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
PYSEC-2019-188
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
CVE-2019-3902
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
Sourcetree for Windows Parameter Injection Vulnerability (CNVD-2019-09133)
Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for Windows suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...
Sourcetree for macOS parameter injection vulnerability (CNVD-2019-09132)
Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for macOS suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...
DEBIAN-CVE-2017-17458
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...
mercurial: command injection on clients through malicious ssh URLs
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository...
mercurial: command injection via git subrepository urls
It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code...
CVE-2016-3068
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository...
CVE-2016-3068
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository...
DEBIAN-CVE-2016-3068
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository...
CVE-2016-3068
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository...
Code injection
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository...
UBUNTU-CVE-2016-3068
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository...