Vulnerabilities > Fossil SCM

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-28	CVE-2022-34009	Cross-site Scripting vulnerability in Fossil-Scm Fossil 2.18 Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. local low complexity fossil-scm CWE-79	5.5
2021-07-12	CVE-2021-36377	Improper Certificate Validation vulnerability in multiple products Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. network low complexity fossil-scm fedoraproject CWE-295	7.5
2020-08-25	CVE-2020-24614	Missing Authorization vulnerability in multiple products Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. network low complexity fossil-scm fedoraproject opensuse CWE-862	8.8
2017-12-07	CVE-2017-17459	Unspecified vulnerability in Fossil SCM Fossil http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. network low complexity fossil-scm	8.8

Vulnerabilities > Fossil SCM {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Fossil SCM"}]}