Vulmon
fossil-scm fossil vulnerabilities and exploits
CVSSv3: 8.8
CVE-2020-24614
Fossil prior to 2.10.2, 2.11.x prior to 2.11.2, and 2.12.x prior to 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
Fossil-scm Fossil
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
CVSSv3: 8.8
CVE-2017-17459
http_transport.c in Fossil prior to 2.4, when the SSH sync protocol is used, allows user-assisted remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, ...
Fossil Scm Fossil
CVSSv3: 7.5
CVE-2021-36377
Fossil prior to 2.14.2 and 2.15.x prior to 2.15.2 often skips the hostname check during TLS certificate validation.
Fossil-scm Fossil
Fedoraproject Fedora 34
CVSSv3: 5.5
CVE-2022-34009
Fossil 2.18 on Windows allows malicious users to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender ha...
Fossil-scm Fossil 2.18