Vulnerabilities > Fossil SCM
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-28 | CVE-2022-34009 | Cross-site Scripting vulnerability in Fossil-Scm Fossil 2.18 Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. | 5.5 |
2021-07-12 | CVE-2021-36377 | Improper Certificate Validation vulnerability in multiple products Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | 7.5 |
2020-08-25 | CVE-2020-24614 | Missing Authorization vulnerability in multiple products Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. | 8.8 |
2017-12-07 | CVE-2017-17459 | Unspecified vulnerability in Fossil SCM Fossil http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. | 8.8 |