| Max CVSS | 7.5 | Min CVSS | 6.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-3630 | 6.8 |
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
|
21-06-2023 - 15:19 | 13-04-2016 - 16:59 | |
| CVE-2014-9462 | 7.5 |
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.
|
30-10-2018 - 16:27 | 31-03-2015 - 14:59 | |
| CVE-2016-3069 | 6.8 |
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
|
30-10-2018 - 16:27 | 13-04-2016 - 16:59 | |
| CVE-2016-3068 | 6.8 |
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
|
30-10-2018 - 16:27 | 13-04-2016 - 16:59 | |
| CVE-2016-3105 | 6.8 |
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
|
01-07-2017 - 01:29 | 09-05-2016 - 20:59 |