mercurial (SUSE:Linux Enterprise Software Development Kit 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP3 package mercurial, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2017-1000116 — CVSS 9.8 (critical): Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
CVE-2017-17458 — CVSS 9.8 (critical): In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the…
CVE-2018-1000132 — CVSS 9.1 (critical): Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in…
CVE-2018-13346 — CVSS 7.5 (high): The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of…
CVE-2017-1000115 — CVSS 7.5 (high): Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the…
CVE-2018-13348 — CVSS 7.5 (high): The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes…