Vulmon
fossil scm fossil vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-24614
Fossil prior to 2.10.2, 2.11.x prior to 2.11.2, and 2.12.x prior to 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
Fossil-scm Fossil
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
8.8
CVSSv3
CVE-2017-17459
http_transport.c in Fossil prior to 2.4, when the SSH sync protocol is used, allows user-assisted remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, ...
Fossil Scm Fossil
7.5
CVSSv3
CVE-2021-36377
Fossil prior to 2.14.2 and 2.15.x prior to 2.15.2 often skips the hostname check during TLS certificate validation.
Fossil-scm Fossil
Fedoraproject Fedora 34
5.5
CVSSv3
CVE-2022-34009
Fossil 2.18 on Windows allows malicious users to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender ha...
Fossil-scm Fossil 2.18