CPE-38576C07-8908-44C3-851A-F4DFD392F2B0 Detail

CPE Details

Mercurial 4.2

Vendor

mercurial

Product

mercurial

Version

4.2

Created

2019-04-30
15h18 +00:00

Modified

2019-04-30
15h18 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:mercurial:mercurial:4.2:::::::*

Informations

Vendor

mercurial

Product

mercurial

Version

4.2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2019-3902	2019-04-22 13h29 +00:00	A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.	5.9	Medium
CVE-2018-17983	2018-10-04 21h00 +00:00	cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.	9.1	Critical
CVE-2018-13346	2018-07-05 22h00 +00:00	The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.	7.5	High
CVE-2018-13347	2018-07-05 22h00 +00:00	mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.	9.8	Critical
CVE-2018-13348	2018-07-05 22h00 +00:00	The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.	7.5	High
CVE-2018-1000132	2018-03-14 12h00 +00:00	Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.	9.1	Critical
CVE-2017-17458	2017-12-07 17h00 +00:00	In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.	9.8	Critical
CVE-2017-1000115	2017-10-03 23h00 +00:00	Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository	7.5	High
CVE-2017-1000116	2017-10-03 23h00 +00:00	Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.	9.8	Critical

Mercurial 4.2

CPE Details

CPE Name: cpe:2.3:a:mercurial:mercurial:4.2:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:mercurial:mercurial:4.2:::::::*