mercurial (SUSE:Linux Enterprise Software Development Kit 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 package mercurial, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2016-3068 — CVSS 8.8 (high): Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
CVE-2016-3069 — CVSS 8.8 (high): Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2016-3105 — CVSS 8.8 (high): The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git…
CVE-2016-3630 — CVSS 8.8 (high): The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull…
CVE-2014-9462 — CVSS 7.5 (high): The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted…