CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 1CVE-2014-9462
https://notcve.org/view.php?id=CVE-2014-9462
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. La función _validaterepo en sshpeer en Mercurial anterior a 3.2.4 permite a atacantes remotos ejecutar comandos arbitrarios a través de un nombre de repositorio manipulado en un comando clon. • http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00085.html http://mercurial.selenic.com/wiki/WhatsNew http://www.debian.org/security/2015/dsa-3257 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.osvdb.org/119816 https://security.gentoo.org/glsa/201612-19 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 94%CPEs: 17EXPL: 1CVE-2014-9390 – Malicious Git and Mercurial HTTP Server For CVE-2014-9390
https://notcve.org/view.php?id=CVE-2014-9390
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. Git versiones anteriores a 1.8.5.6, versiones 1.9.x anteriores a 1.9.5, versiones 2.0.x anteriores a 2.0.5, versiones 2.1.x anteriores a 2.1.4 y versiones 2.2.x anteriores a 2.2.1 en Windows y OS X; Mercurial versiones anteriores a 3.2.3 en Windows y OS X; Apple Xcode versiones anteriores a 6.2 beta 3; mine todas las versiones antes del 08-12-2014; libgit2 todas las versiones hasta 0.21. 2; Egit todas las versiones anteriores al 08-12-2014; y JGit todas las versiones anteriores al 08-12-2014 permiten a los servidores Git remotos ejecutar comandos arbitrarios por medio de un árbol que contiene un archivo .git/config diseñado con (1) un punto de código Unicode ignorable, (2) una representación git~1/config, o (3) mayúsculas y minúsculas que no son manejadas apropiadamente en un sistema de archivos insensible a mayúsculas y minúsculas • http://article.gmane.org/gmane.linux.kernel/1853266 http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html http://mercurial.selenic.com/wiki/WhatsNew http://securitytracker.com/id?1031404 http://support.apple.com/kb/HT204147 https://github.com/blog/1938-git-client-vulnerability-announced https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915 https://libgit2.org/security https://news.ycombinator.com/item?id=8769667 https://www.rapid7.com/blo • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4297
https://notcve.org/view.php?id=CVE-2008-4297
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request. Mercurial anterior a 1.0.2 no hace cumplir la configuración de permisos para una operación pull del hgweb, la cual permite a atacantes remotos leer arbitrariamente archivos de un repositorio a través de una petición "hg pull". • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html http://marc.info/?l=oss-security&m=122169840003798&w=2 http://secunia.com/advisories/32182 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0276 http://www.securityfocus.com/archive/1/496488/100/0/threaded http://www.securityfocus.com/bid/31223 http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b http://www.vupen.com/english/advisories/2008/2604 https://exchange.xforc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-2942
https://notcve.org/view.php?id=CVE-2008-2942
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file. Vulnerabilidad de salto de directorio en patch.py de Mercurial 1.0.1 permite a atacantes ayudados por el usuario a modificar archivos de su elección mediante secuencias ".." (punto punto) en un archivo patch. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html http://secunia.com/advisories/31108 http://secunia.com/advisories/31110 http://secunia.com/advisories/31167 http://security.gentoo.org/glsa/glsa-200807-09.xml http://wiki.rpath.com/Advisories:rPSA-2008-0211 http://www.openwall.com/lists/oss-security/2008/06/30/1 http://www.openwall.com/lists/oss-security/2008/07/01/1 http://www.securityfocus.com/archive/1/493881/100/0/threaded http://www& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •