| Bug | Description |
|---|
| CVE-2019-3902 | A flaw was found in Mercurial before 4.9. It was possible to use symli ... |
| CVE-2018-1000132 | Mercurial version 4.5 and earlier contains a Incorrect Access Control ... |
| CVE-2018-13348 | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 misha ... |
| CVE-2018-13347 | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and sub ... |
| CVE-2018-13346 | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorr ... |
| CVE-2017-1000116 | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ... |
| CVE-2017-1000115 | Mercurial prior to version 4.3 is vulnerable to a missing symlink chec ... |
| CVE-2017-17458 | In Mercurial before 4.4.1, it is possible that a specially malformed r ... |
| CVE-2017-9462 | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authentica ... |
| CVE-2016-3630 | The binary delta decoder in Mercurial before 3.7.3 allows remote attac ... |
| CVE-2016-3105 | The convert extension in Mercurial before 3.8 might allow context-depe ... |
| CVE-2016-3069 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary co ... |
| CVE-2016-3068 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary co ... |
| CVE-2014-9462 | The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ... |
| CVE-2014-9390 | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x befo ... |
| CVE-2010-4237 | Mercurial before 1.6.4 fails to verify the Common Name field of SSL ce ... |
| CVE-2008-4297 | Mercurial before 1.0.2 does not enforce the allowpull permission setti ... |
| CVE-2008-2942 | Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allow ... |