Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201612-19
HistoryDec 07, 2016 - 12:00 a.m.

Mercurial: Multiple vulnerabilities

2016-12-0700:00:00
Gentoo Foundation
security.gentoo.org
43

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.944 High

EPSS

Percentile

99.2%

JSON

Background

Mercurial is a distributed source control management system.

Description

Multiple vulnerabilities have been discovered in Mercurial. Please review the CVE identifier and bug reports referenced for details.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process.

Workaround

There is no known workaround at this time.

Resolution

All mercurial users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-vcs/mercurial-3.8.4"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-vcs/mercurial<Β 3.8.4UNKNOWN

Related

nessus 45
openvas 31
fedora 5
freebsd 3
slackware 2
mageia 5
amazon 1
suse 4
debian 8
osv 12
archlinux 2
securityvulns 4
photon 1
redhat 1
oraclelinux 2
centos 1
cvelist 6
cve 6
nvd 6
rosalinux 1
prion 6
ubuntucve 6
github 6
debiancve 6
ubuntu 1
metasploit 1
packetstorm 1
checkpoint_advisories 1
veracode 2
ibm 1
gentoo 1
seebug 1
exploitdb 1
nessus
nessus
GLSA-201612-19 : Mercurial: Multiple vulnerabilities
2016-12-07 00:00:00
Photon OS 1.0: Mercurial PHSA-2016-0011
2019-02-07 00:00:00
openSUSE Security Update : mercurial (openSUSE-2016-452)
2016-04-13 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0138)
2016-05-09 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-697)
2016-05-09 00:00:00
openSUSE: Security Advisory for mercurial (openSUSE-SU-2016:1016-1)
2016-04-13 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: mercurial-3.5.2-1.fc23
2016-04-07 15:54:29
[SECURITY] Fedora 24 Update: mercurial-3.7.3-1.fc24
2016-04-20 15:30:41
[SECURITY] Fedora 22 Update: mercurial-3.5.2-1.fc22
2016-04-07 15:51:07
freebsd
freebsd
mercurial -- multiple vulnerabilities
2016-03-29 00:00:00
git -- Arbitrary command execution on case-insensitive filesystems
2014-12-19 00:00:00
mercurial -- arbitrary code execution vulnerability
2016-05-01 00:00:00
slackware
slackware
[slackware-security] mercurial
2016-04-01 21:39:16
[slackware-security] mercurial
2016-05-02 20:39:44
mageia
mageia
Updated mercurial packages fix security vulnerabilities
2016-04-13 20:39:04
Updated mercurial packages fix CVE-2014-9462
2015-04-03 16:11:23
Updated cgit package fixes security vulnerability
2015-08-26 23:36:28
amazon
amazon
Important: mercurial
2016-05-03 10:30:00
suse
suse
Security update for mercurial (important)
2016-04-12 14:08:54
Security update for mercurial (important)
2016-04-12 14:08:19
Security update for mercurial (important)
2016-04-12 19:08:03
debian
debian
[SECURITY] [DSA 3542-1] mercurial security update
2016-04-05 14:06:55
[SECURITY] [DSA 3542-1] mercurial security update
2016-04-05 14:06:55
[SECURITY] [DLA 237-1] mercurial security update
2015-06-04 07:24:39
osv
osv
mercurial - security update
2016-04-05 00:00:00
mercurial - security update
2015-06-04 00:00:00
mercurial - security update
2015-05-11 00:00:00
archlinux
archlinux
mercurial: arbitrary code execution
2016-04-06 00:00:00
mercurial: arbitrary code execution
2016-05-06 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3257-1] mercurial security update
2015-05-12 00:00:00
mercurial code execution
2015-05-12 00:00:00
Apple Xcode git client unauthorized files access
2014-12-22 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2016-0011
2016-11-29 00:00:00
redhat
redhat
(RHSA-2016:0706) Important: mercurial security update
2016-05-02 12:16:03
oraclelinux
oraclelinux
mercurial security update
2016-05-02 00:00:00
git19-git security update
2016-02-04 00:00:00
centos
centos
emacs, mercurial security update
2016-05-02 15:13:40
cvelist
cvelist
CVE-2014-9462
2015-03-31 14:00:00
CVE-2014-9390
2020-02-12 01:58:27
CVE-2016-3068
2016-04-13 16:00:00
cve
cve
CVE-2014-9462
2015-03-31 14:59:03
CVE-2014-9390
2020-02-12 02:15:10
CVE-2016-3068
2016-04-13 16:59:16
nvd
nvd
CVE-2014-9462
2015-03-31 14:59:03
CVE-2014-9390
2020-02-12 02:15:10
CVE-2016-3068
2016-04-13 16:59:16
rosalinux
rosalinux
Advisory ROSA-SA-2021-1918
2021-07-02 17:29:24
prion
prion
Command injection
2015-03-31 14:59:00
Command injection
2020-02-12 02:15:00
Code injection
2016-05-09 20:59:00
ubuntucve
ubuntucve
CVE-2014-9462
2015-03-31 00:00:00
CVE-2014-9390
2014-12-19 00:00:00
CVE-2016-3068
2016-04-13 00:00:00
github
github
Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command
2022-05-14 02:05:56
JGit Improper Input Validation vulnerability
2022-05-17 19:57:29
Mercurial arbitrary code execution vulnerability
2022-05-14 02:08:55
debiancve
debiancve
CVE-2014-9462
2015-03-31 14:59:03
CVE-2014-9390
2020-02-12 02:15:10
CVE-2016-3068
2016-04-13 16:59:16
ubuntu
ubuntu
Git vulnerability
2015-01-14 00:00:00
metasploit
metasploit
Malicious Git and Mercurial HTTP Server For CVE-2014-9390
2015-01-01 19:03:17
packetstorm
packetstorm
Malicious Git And Mercurial HTTP Server For CVE-2014-9390
2015-01-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Git Client Path Validation Command Execution (CVE-2014-9390)
2015-01-19 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-09-21 06:21:42
Arbitrary Code Execution
2024-05-03 07:05:18
ibm
ibm
Security Bulletin: Security vulnerability with Eclipse Git Team Provider affects Rational Application Developer (CVE-2014-9390)
2020-02-05 00:09:48
gentoo
gentoo
Git: Arbitrary command execution
2015-09-24 00:00:00
seebug
seebug
Git η‰ˆζœ¬<=2.7.1 θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2016-03-16 00:00:00
exploitdb
exploitdb
GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 &amp; Mercurial &lt; 3.2.3 - Multiple Vulnerabilities (Metasploit)
2014-12-18 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.944 High

EPSS

Percentile

99.2%

JSON
Related for GLSA-201612-19
nessus45openvas31fedora5freebsd3slackware2mageia5amazon1suse4debian8osv12archlinux2securityvulns4photon1redhat1oraclelinux2centos1cvelist6cve6nvd6rosalinux1prion6ubuntucve6github6debiancve6ubuntu1metasploit1packetstorm1checkpoint_advisories1veracode2ibm1gentoo1seebug1exploitdb1