CVE-2022-43410

<= 1251.va_b_121f184902

Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for po

5.3MEDIUM

CVE-2022-30948

< 2.16.1

Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored o

7.5HIGH

CVE-2020-2306

<= 2.11

A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a

4.3MEDIUM

CVE-2020-2305

<= 2.11

Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

6.5MEDIUM

CVE-2014-9390

< 3.2.3

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercur

9.8CRITICAL

CVE-2010-4237

< 1.6.4

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certi

5.9MEDIUM

CVE-2019-3902

< 4.9

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking

5.1MEDIUM

CVE-2018-17983

< 4.7.2

cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

9.1CRITICAL

CVE-2018-13348

< 4.6.1

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 b

7.5HIGH

CVE-2018-13347

< 4.6.1

mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.

9.8CRITICAL

CVE-2018-13346

< 4.6.1

The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the

7.5HIGH

CVE-2018-1000132

< 4.5.1

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result i

9.1CRITICAL

CVE-2018-1000112

<= 2.2

An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that al

5.3MEDIUM

CVE-2017-17458

< 4.4.1

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary cod

9.8CRITICAL

CVE-2017-1000116

< 4.3

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

9.8CRITICAL

CVE-2017-1000115

< 4.3

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside th

7.5HIGH

CVE-2017-9462

< 4.1.3

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently ex

8.8HIGH

CVE-2016-3105

<= 3.7.3

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git

8.8HIGH

CVE-2016-3630

<= 3.7.2

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or

8.8HIGH

CVE-2016-3069

<= 3.7.2

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

8.8HIGH

CVE-2016-3068

<= 3.7.2

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

8.8HIGH

CVE-2014-9462

<= 3.2.3

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafte

CVE-2008-4297

<= 1.0.1

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote atta

CVE-2008-2942

all versions

Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".."