Fossil

fossil

Vendor: Fossil Scm • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-34009 1Fossil Scm 1Fossil Nov 21, 2024 Jul 28, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly han...Show more Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware.Show less
CVE-2021-36377 2Fedoraproject Fossil Scm 2Fedora Fossil Nov 21, 2024 Jul 12, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.
CVE-2020-24614 3Fedoraproject Fossil ScmOpensuse 4Backports Sle FedoraFossil+1 more Nov 21, 2024 Aug 25, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
CVE-2017-17459 1Fossil Scm 1Fossil May 13, 2026 Dec 7, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issu...Show more http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.Show less