mercurial (SUSE:Linux Enterprise Software Development Kit 11 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 11 SP4 package mercurial, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2017-1000116 — CVSS 9.8 (critical): Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
CVE-2017-17458 — CVSS 9.8 (critical): In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the…
CVE-2016-3630 — CVSS 8.8 (high): The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull…
CVE-2017-9462 — CVSS 8.8 (high): In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute…
CVE-2016-3068 — CVSS 8.8 (high): Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
CVE-2016-3069 — CVSS 8.8 (high): Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2016-3105 — CVSS 8.8 (high): The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git…
CVE-2018-13346 — CVSS 7.5 (high): The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of…
CVE-2017-1000115 — CVSS 7.5 (high): Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the…
CVE-2018-13348 — CVSS 7.5 (high): The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes…