Vulnerabilities > Fossil SCM

DATE CVE VULNERABILITY TITLE RISK
2022-07-28 CVE-2022-34009 Cross-site Scripting vulnerability in Fossil-Scm Fossil 2.18
Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket.
local
low complexity
fossil-scm CWE-79
5.5
2021-07-12 CVE-2021-36377 Improper Certificate Validation vulnerability in multiple products
Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.
network
low complexity
fossil-scm fedoraproject CWE-295
7.5
2020-08-25 CVE-2020-24614 Missing Authorization vulnerability in multiple products
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code.
network
low complexity
fossil-scm fedoraproject opensuse CWE-862
8.8
2017-12-07 CVE-2017-17459 Unspecified vulnerability in Fossil SCM Fossil
http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
network
low complexity
fossil-scm
8.8